w3c / webappsec-csp Public

Notifications
Fork 87
Star 180

Code
Issues 143
Pull requests 6
Actions
Projects 1
Wiki
Security
Insights

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Issues: w3c/webappsec-csp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

143 Open 210 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Logic issue with resource hint check with multiple conflicting policies

#587 opened Jan 27, 2023 by noamr

Remove initialization hook

#581 opened Dec 1, 2022 by antosart

'report-hash': Adding hashes of blocked content to violation reports

#575 opened Oct 26, 2022 by arturjanc

Enable CSP3 'unsafe-hashes' for script src attributes

#574 opened Oct 26, 2022 by arturjanc

CSS and JSON module scripts

#573 opened Oct 25, 2022 by annevk

The editor's draft includes several features that no one has shipped.

#563 opened Sep 15, 2022 by mikewest

Correct the link for CSP3 in the CSP2 Page

#556 opened Jul 8, 2022 by Abdulali97

Regarding hashes for JS URL

#553 opened Jul 5, 2022 by seongil-wi

when using report-uri / report-to when in report only mode blocked-uri is returned as inline

#551 opened Jun 29, 2022 by allen-munsch

Problem caused by script-src-elem 'nonce-<nonce>' 'strcit-dynamic'

#548 opened Jun 3, 2022 by seongil-wi

report-uri deprecation timeline

#544 opened May 12, 2022 by carlosjeurissen

What should the default be for the "webrtc" directive in workers?

#538 opened Feb 15, 2022 by alvestrand

definitions of ancestor-source differ between documents

#535 opened Jan 4, 2022 by kgoess

Fetch rewrites ws/wss URLs, but browsers still report them in CSP

#532 opened Nov 22, 2021 by annevk

should-block-response doesn't forward arguments

#524 opened Nov 9, 2021 by annevk

Hashes bypass source-based allowlisting only on pre-request, not on post-request

#523 opened Nov 8, 2021 by antosart

Editorial: header names and values are byte sequences

#521 opened Oct 25, 2021 by annevk

Request to Support Dynamic Resource Validation

#518 opened Oct 15, 2021 by gulachek

External color profiles and CSP

#516 opened Oct 7, 2021 by annevk

Content-Security-Policy header isn't registered

#514 opened Sep 29, 2021 by mnot

Scope of navigate-to and form-action

#510 opened Sep 23, 2021 by annevk

frame-src can leak cross origin information

#509 opened Sep 23, 2021 by antosart

Consider adding import-src

#506 opened Jul 16, 2021 by shhnjk

Preendering and prefetch-src

#502 opened Jun 18, 2021 by mfalken

Any chance to get Content-Security-Policy: frame-sandbox?

#501 opened Jun 12, 2021 by giy-debug

Previous 1 2 3 4 5 6 Next

Previous Next

ProTip! Follow long discussions with comments:>50.