Additional CSP Issues #11

pes10k · 2017-10-22T06:28:02Z

The following CSP keeps the injected script from executing…

default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/pitchfork

The text was updated successfully, but these errors were encountered:

pes10k · 2017-10-22T06:29:50Z

The previous changes in b3a7659 fixed a large number of CSP issues, by calculating the SHA256 of the injected code, and modifying the CSP header to whitelist the added code.

But the above command is stopping the code from executing…

pes10k added this to the 0.9.3 milestone Oct 22, 2017

pes10k added the bug label Oct 22, 2017

crssi mentioned this issue Oct 22, 2017

Cannot sign in to github.com even when all "blocked standards" are cleared #3

Closed

pes10k closed this as completed in 0bd91f6 Oct 23, 2017

pes10k modified the milestone: 0.9.3 Oct 23, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Additional CSP Issues #11

Additional CSP Issues #11

pes10k commented Oct 22, 2017

pes10k commented Oct 22, 2017

Additional CSP Issues #11

Additional CSP Issues #11

Comments

pes10k commented Oct 22, 2017

pes10k commented Oct 22, 2017