This repository has been archived by the owner on Feb 9, 2022. It is now read-only.
Question: do we want to set up Content Security Policy? It's a security standard that helps with all the bad stuff bad people could do with a website, including clickjacking, malicious XSS and others. I was really encouraged to implement it at my web security workshops last year, but honestly I have no experience with it other than this workshop.
Implementation would be extremely easy, just adding one line to server in nginx config:
In our part? Probably even anything (as soon as #49 is merged to develop), but there'll be a problem with Nova. I opened the first Nova file included in our project (`resources/views/nova/telescope-link.php`) and in the second line (!) there is an inline JavaScript call to open a new window. We can (and should) replace it with `<a target="_blank"` probably, but there's plenty of shit in the Nova vendor files and I don't know how to handle them. Maybe disabling CSP on dashboard routes would be an option?
Adjusting the current codebase wouldn't be hard either. Mostly because we don't have a lot of code right now. ;)
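One way to size the inline-script problem raised in this thread before the header is enabled, as an added example that is not part of the original issue or the project's code: a heuristic audit that lists what a policy without `'unsafe-inline'` would block in a view file. The function names and the sample markup are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Heuristic patterns for auditing templates; this is not a full HTML parser.
INLINE_SCRIPT = re.compile(
    r"<script\b(?![^>]*\bsrc\s*=)[^>]*>(.*?)</script\s*>", re.I | re.S)
TAG = re.compile(r"<[a-zA-Z][^>]*>")
HANDLER_ATTR = re.compile(r"\s(on[a-z]+)\s*=", re.I)
JS_URL = re.compile(r"\b(?:href|src|action)\s*=\s*[\"']\s*javascript:", re.I)

# Constructed sample markup (not the contents of any real Nova view).
SAMPLE = """<a href="#" onclick="window.open('/telescope')">Telescope</a>
<script src="/app.js"></script>
<script>window.open('/telescope');</script>
<a href="javascript:void(0)" onmouseover="hint()" onclick="go()">x</a>
"""


def csp_hash(script_body):
    """Return the CSP hash source for one inline script body.

    The hash covers the exact bytes between the tags, so any whitespace
    or templated value that changes per request changes the hash too.
    """
    digest = hashlib.sha256(script_body.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def audit(markup):
    """List what a policy without 'unsafe-inline' would block in markup."""
    # Inline <script> blocks (no src attribute, non-empty body).
    bodies = [m.group(1) for m in INLINE_SCRIPT.finditer(markup)
              if m.group(1).strip()]
    # Event-handler attributes (onclick=..., onload=...) inside each tag.
    handlers = []
    for tag in TAG.finditer(markup):
        handlers += [h.lower() for h in HANDLER_ATTR.findall(tag.group(0))]
    return {
        "script_hashes": [csp_hash(body) for body in bodies],
        "event_handlers": handlers,
        "javascript_urls": len(JS_URL.findall(markup)),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Static inline `<script>` blocks can be allowed by listing the reported hashes in `script-src`; event-handler attributes and `javascript:` URLs are not covered by a plain hash source, so they have to move into script files or be allowed with `'unsafe-hashes'`.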