Skip to content

/ webappsec-csp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

109 Open 172 Closed
109 Open 172 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels.
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀
Document that line-number and column-number are 1-based in CSP reporting spec
#442 opened Sep 16, 2020 by adob
host-part matching should allow IPv6 "[::1]" as it does for "127.0.0.1"
#440 opened Aug 7, 2020 by fdelapena
Does http://example.com:80 match https://example.com?
#439 opened Aug 7, 2020 by antosart
4
Cross-realm eval() calls and 'unsafe-eval'
#438 opened Aug 5, 2020 by TomiBelan
2
Looking for guidance on defining CSP for <portal>
#437 opened Jul 27, 2020 by domenic
5
Clarify/test which quote characters may be used
#434 opened May 13, 2020 by foolip
3
Are nonces allowed/supported in frame-src?
#433 opened Apr 29, 2020 by viraptor
4
Clarify that report-uri cannot violate mixed-content
#432 opened Apr 24, 2020 by antosart
Why do `base-uri` and `frame-ancestors` have different grammars?
#431 opened Apr 23, 2020 by bakkot
2
Why does hash-source apply to external scripts, but not external styles?
#430 opened Mar 25, 2020 by bakkot
1
connect-src: wss without schema
#429 opened Mar 20, 2020 by axelssonHakan
6
`unsafe-allow-redirects` and `form-action` interact weirdly
#428 opened Mar 20, 2020 by bakkot
`javascript:` navigation directive-name is always null
#427 opened Mar 19, 2020 by bakkot
Does `strict-dynamic` allow dynamically adding inline scripts?
#426 opened Mar 19, 2020 by bakkot
@mikewest
4
Inconsistent treatment of base64url-encoded hash sources in CSP vs SRI
#423 opened Mar 18, 2020 by bakkot
Inconsistent behavior of frame-ancestors versus implementations
#421 opened Feb 21, 2020 by iangcarroll
Why does plugin-types use the empty list instead of 'none'?
#420 opened Jan 17, 2020 by bakkot
1
Where is the Content Security Policy Directive registry?
#419 opened Jan 16, 2020 by bakkot
1
hash-algo
#418 opened Jan 6, 2020 by annevk
Add version number to allow 'non-backwards compatible' CSP[version]-mode
#416 opened Dec 15, 2019 by NL-William
Spec is inconsistent about which strings are valid CSPs
#414 opened Nov 22, 2019 by bakkot
1
recapture bug
#412 opened Oct 19, 2019 by Ronsekaon
3
Parsing multiple sources when one of them is 'none'?
#411 opened Sep 26, 2019 by mozfreddyb
Update to constructor operations
#409 opened Aug 29, 2019 by Ms2ger
Update spec to new IDL syntax for optional dictionaries
#408 opened Aug 22, 2019 by Ms2ger
ProTip! Exclude everything labeled bug with -label:bug.
You can’t perform that action at this time.