Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/website/cmd/golangorg: Add Content Security Policy #36892

Open
empijei opened this issue Jan 30, 2020 · 1 comment
Open

x/website/cmd/golangorg: Add Content Security Policy #36892

empijei opened this issue Jan 30, 2020 · 1 comment
Labels
Milestone

Comments

@empijei
Copy link
Contributor

@empijei empijei commented Jan 30, 2020

CSP is an important protection against some of the higher risk web vulnerabilities and the official Go website doesn't currently adopt it.

Moreover CSP is a internal requirement for any website hosted on *.google.eTLD and the Go website is currently also hosted on golang.google.cn.

I can take care of fixing this or finding someone that can work on it if the proposal is accepted.

/cc @dmitshur @andybons

@gopherbot gopherbot added this to the Proposal milestone Jan 30, 2020
@andybons andybons removed this from the Proposal milestone Jan 30, 2020
@andybons andybons added this to the Unreleased milestone Jan 30, 2020
@andybons
Copy link
Member

@andybons andybons commented Jan 30, 2020

This doesn't need a proposal. Feel free to submit a fix :)

Loading

@andybons andybons removed the Proposal label Jan 30, 2020
@andybons andybons changed the title proposal: x/website/cmd/golangorg: Add Content Security Policy x/website/cmd/golangorg: Add Content Security Policy Jan 30, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants