w3c/webappsec-csp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Should Workers inherit CSP directives from the parent context?
#336 opened Sep 18, 2018 by bakulf

7
Remove mentions of the ws\wss schemes in CSP
#332 opened Sep 17, 2018 by andypaicu

3
Security issue: fragments (after the '#') must not be reported.
#326 opened Sep 7, 2018 by alunmj

3
The effective directive for violations is incorrect
#324 opened Aug 13, 2018 by andypaicu CSP3 CR
Feature Request: Support for cross-domain downloads
#323 opened Aug 6, 2018 by aarongustafson

10
Handling of javascript: navigations is not interoperable, spec doesn't match most implementations
#322 opened Jul 24, 2018 by bzbarsky CSP3 CR

2
CSP 4 Feature Request: add new 'default' keyword to compose default-src sources into other directives
#321 opened Jul 17, 2018 by Jach
CSP violation report should not use redirect-mode: "error"
#320 opened Jul 13, 2018 by yutakahirano
I want all links on my website to be rel=noopener
#316 opened Jun 20, 2018 by kdzwinel

1
Clarification of term "parser-inserted"
#314 opened Jun 6, 2018 by nikitastupin
'strict-dynamic' should not be bound to only nonces/hashes
#309 opened Jun 4, 2018 by april

1
BackSwap type of attack
#308 opened May 26, 2018 by AliceWonderMiscreations

3
Update comment of directive value parsing
#307 opened May 24, 2018 by andypaicu

2
Consider dot-prefix domains for wildcard matching
#304 opened Apr 24, 2018 by 007

1
Grammar: Clarity regarding constraints applied to path-part (path-absolute) production
#303 opened Apr 21, 2018 by bathos
CSP 4 feature request: cookie policy
#301 opened Apr 7, 2018 by AliceWonderMiscreations Future

9
Directive to disallow external entities in SVG/XML?
#300 opened Apr 4, 2018 by Malvoz

1
frame-src, worker-src, child-src confusion
#299 opened Mar 28, 2018 by AliceWonderMiscreations

8
Add directive similar to ‘X-Content-Type-Options: nosniff’?
#298 opened Feb 28, 2018 by valtlai

2
Expose host in a 'host' source reference
#297 opened Feb 23, 2018 by emilfihlman
Remove gh-pages branch?
#296 opened Feb 23, 2018 by annevk
Potential wrong sha256 example in 'Hash usage for script elements'
#292 opened Feb 9, 2018 by AnujRNair
Consider hiding content attribute of meta tag CSP
#291 opened Jan 31, 2018 by vrastogi

5
`prerender` subresources and CSP
#284 opened Jan 11, 2018 by yoavweiss

11
Allow control over `dns-prefetch` and `preconnect`
#282 opened Jan 11, 2018 by annevk CSP3 CR

4

Previous 1 2 3 4 Next

ProTip! Type g i on any issue or pull request to go back to the issue listing page.