Support Content Security Policy for Web transports #1393

Open
oberstet opened this issue Sep 11, 2018 · 1 comment

Comments

@oberstet
Contributor

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.

It works like this:

  1. a Web server sets the CSP via HTTP response headers (Content-Security-Policy and X-XSS-Protection)
  2. a compliant Web browser will enforce the CSP set in the HTTP response header of the document loaded for the main browsing context
  3. the CSP can limit the origins from which stuff like images, stylesheets and of course JS can be loaded (that would run in the original browsing context!)

References:
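The three steps above, as an added example that is not part of this issue or of the project it was filed against: a server-side helper that serializes a policy into the Content-Security-Policy header (step 1, emitted here by a minimal WSGI app), and a simplified model of the browser-side check (steps 2 and 3) that decides whether a resource origin is permitted by a fetch directive, falling back to default-src. The policy values, hostnames and the /csp-report endpoint are constructed for the example; the source-expression matching covers 'self', 'none', scheme sources, host sources and wildcard subdomains only, and omits the nonce/hash and port-defaulting rules of the full CSP specification.

```python
"""Build, parse and evaluate Content-Security-Policy header values.

Added example (not project code). Directive names and source expression
syntax follow the CSP specification; the matching logic is a deliberate
simplification for illustration.
"""
from urllib.parse import urlparse

# Constructed policy: same-origin by default, scripts also from one CDN,
# images from any https origin, no plugins, violations reported to /csp-report.
EXAMPLE_POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'", "https://cdn.example.com"],
    "img-src": ["'self'", "https:"],
    "object-src": ["'none'"],
    "report-uri": ["/csp-report"],
}


def build_csp_header(policy):
    """Serialize a directive -> sources mapping into one header value."""
    return "; ".join(
        f"{name} {' '.join(sources)}" for name, sources in policy.items()
    )


def parse_csp_header(value):
    """Inverse of build_csp_header: header value -> directive -> sources."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0]] = parts[1:]
    return policy


def _source_matches(source, resource, page):
    """Simplified CSP source-expression match against a parsed resource URL."""
    if source == "'none'":
        return False
    if source == "'self'":
        return (resource.scheme, resource.hostname, resource.port) == (
            page.scheme, page.hostname, page.port)
    if source == "*":
        return resource.scheme in ("http", "https")
    if source.endswith(":") and "/" not in source:   # scheme-source, e.g. "https:"
        return resource.scheme == source[:-1]
    # host-source, e.g. "https://cdn.example.com" or "*.example.com"
    src = urlparse(source if "://" in source else "//" + source)
    if src.scheme and src.scheme != resource.scheme:
        return False
    host = src.hostname or ""
    if host.startswith("*."):
        if not (resource.hostname or "").endswith(host[1:]):
            return False
    elif host != resource.hostname:
        return False
    if src.port is not None and src.port != resource.port:
        return False
    return True


def is_allowed(policy, directive, resource_url, page_url):
    """Browser-side decision: may `resource_url` load under `directive`?

    A missing fetch directive falls back to default-src, as browsers do;
    if neither is present the load is unrestricted.
    """
    sources = policy.get(directive)
    if sources is None:
        sources = policy.get("default-src")
    if sources is None:
        return True
    resource, page = urlparse(resource_url), urlparse(page_url)
    return any(_source_matches(s, resource, page) for s in sources)


def wsgi_app(environ, start_response):
    """Minimal WSGI app: the main document response carries the CSP header."""
    body = b"<!doctype html><script src='/app.js'></script>"
    start_response("200 OK", [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Security-Policy", build_csp_header(EXAMPLE_POLICY)),
    ])
    return [body]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    print(build_csp_header(EXAMPLE_POLICY))
    make_server("127.0.0.1", 8080, wsgi_app).serve_forever()
```

Running the module serves the document on 127.0.0.1:8080 with the header set; `is_allowed` can be used in tests to confirm that a policy actually blocks the origins it is meant to block (for instance that a WebSocket endpoint is covered by connect-src, which also falls back to default-src when absent) before deploying it.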
