Added Content-Security-Policy. #2564

Open
Fra3zz wants to merge 1 commit into gchq:master from Fra3zz:CSP
@Fra3zz Fra3zz commented Jun 15, 2026

Description
Content-Security-Policy implemented to improve security against XSS attacks. All but one src utilizes "self", excluding inline styles. Inline scripts were placed into their own respective files in /src/web/index_assets.

Existing Issue
Partially fixes the issue #1486. Was unable to implement secure CSP for inline style.

Screenshots
No visual changes.

AI disclosure
No AI was utilized.

Test Coverage
No testing necessary. Console does not produce any new errors.

C85297 commented Jul 3, 2026

Member

@Fra3zz thank you for creating this merge request - a Content Security Policy is a key priority for this project. However, as it is, I think this pull request contains a number of changes which could be split out into smaller pull requests before we tackle the Content Security Policy (e.g. removing inline CSS, removing inline JavaScript...). That would help us reviewers and increase our confidence in each change.

@HackingRepo


Yes, a CSP will mitigate and reduce XSS vulns, even happens

3 participants