Skip to content

Strict Content Security Policy #164

New issue
New issue
Open
Open
Strict Content Security Policy#164
Labels
bugSomething isn't working
@dillonstreator

Description

@dillonstreator
dillonstreator
opened on Jan 15, 2025

To enhance the security of the platform, I propose implementing a strict Content Security Policy (CSP). A well-defined CSP helps mitigate various types of attacks, such as cross-site scripting (XSS) and data injection attacks, by restricting the sources from which resources can be loaded.

Request:

  • Define a CSP that includes strict rules for resource sources.
  • Minimize unsafe-inline and unsafe-eval directives, as these can weaken CSP’s effectiveness.
  • Specify trusted domains for loading scripts, styles, images, and other resources.
  • Implement a reporting mechanism to log any policy violations.

Thank you for considering this request to improve the platform’s security posture. Let me know if I can provide additional details. Csper has a free tool for helping to generate the CSP.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions