Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(X-)Content-Security-Policy #35

Open
mnot opened this issue Jul 20, 2011 · 4 comments
Open

(X-)Content-Security-Policy #35

mnot opened this issue Jul 20, 2011 · 4 comments
Labels
enhancement New feature or request

Comments

@mnot
Copy link
Owner

mnot commented Jul 20, 2011

response_analyse - check syntax, semantics
@anthonyryan1
Copy link

This is also something that would interest me, but it might be better to wait until it becomes more stable, there's still implementation differences between Firefox and Chrome.

@mnot
Copy link
Owner Author

mnot commented Oct 4, 2016

https://csp-evaluator.withgoogle.com

@mnot mnot changed the title X-Content-Security-Policy (X-)Content-Security-Policy Oct 4, 2016
@mnot
Copy link
Owner Author

mnot commented Oct 25, 2017

https://www.cspvalidator.org/

@mnot mnot mentioned this issue Sep 19, 2023
Open
@Malvoz
Copy link

Malvoz commented Nov 6, 2019

Also check that CSP applies to appropriate MIME-types, see w3c/webappsec#520. For reference, H5BP settled on matching against text\/(html|javascript)|application\/pdf|xml in their apache configs.

@mnot mnot transferred this issue from mnot/redbot Sep 19, 2023
@mnot mnot added the enhancement New feature or request label Sep 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mnot @anthonyryan1 @Malvoz