Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(csp): get rid of unsafe scripts and styles #1047

Open
dargmuesli opened this issue Jan 21, 2023 · 1 comment
Open

fix(csp): get rid of unsafe scripts and styles #1047

dargmuesli opened this issue Jan 21, 2023 · 1 comment
Assignees
@dargmuesli
Labels
bug Something isn't working waiting This depends on something

Comments

@dargmuesli
Copy link
Member

dargmuesli commented Jan 21, 2023
edited
Loading

Currently, our content security policy must allow unsafe scripts and styles because of Nuxt and Tailwind. Therefore the X-XSS-Protection security header is currently set to 1; mode=block instead of 0 as well.

All insecure csp properties should be removed once Nuxt & Tailwind allow to do so and the security header should be set back to 0.

Also:
@dargmuesli dargmuesli added the bug Something isn't working label Jan 21, 2023
@dargmuesli dargmuesli self-assigned this Jan 21, 2023
dargmuesli added a commit that referenced this issue Jan 21, 2023
@dargmuesli
fix(csp): enable xss protection header
84528fb 
#1047
@dargmuesli dargmuesli mentioned this issue Jan 21, 2023
Merged
@dargmuesli dargmuesli added the waiting This depends on something label Jan 27, 2023
@surgiie
Copy link

surgiie commented Jul 18, 2024

Any update on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dargmuesli dargmuesli

Labels
bug Something isn't working waiting This depends on something
Projects
maevsi
Status: Waiting
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dargmuesli @surgiie