Content Security Policy #139

Closed
opened 2022-11-23 16:36:53 +01:00 by tmb · 1 comment
Owner

Set the Content-Security-Policy header:

`Content-Security-Policy: default-src 'none'; style-src 'self'; script-src 'self' 'nonce-…'; font-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none';`

Additionally, where necessary (django-crispy-forms forms with file upload), `'unsafe-inline'` for `style-src`.

Author
Owner

`img-src 'self'` is also needed so that the favicon loads.
tmb added reference issue/139 2022-11-26 09:32:37 +01:00
tmb closed this issue 2022-12-02 19:16:13 +01:00
tmb referenced this issue from a commit 2022-12-02 19:16:15 +01:00
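
One way to emit the policy from this issue, including the `img-src 'self'` addition and the per-view `'unsafe-inline'` exception for `style-src`, as an added example that is not the project's own code. It follows the Django middleware calling convention without importing Django; `CSPMiddleware`, `csp_nonce`, `csp_inline_styles` and `demo` are hypothetical names, and a plain dict stands in for the response object.

```python
import secrets
from types import SimpleNamespace

# Directives from the issue, plus img-src 'self' from the follow-up comment.
BASE_POLICY = {
    "default-src": ["'none'"],
    "style-src": ["'self'"],
    "script-src": ["'self'"],
    "font-src": ["'self'"],
    "img-src": ["'self'"],
    "base-uri": ["'none'"],
    "form-action": ["'self'"],
    "frame-ancestors": ["'none'"],
}


def build_csp(nonce, inline_styles=False):
    """Serialize the policy with a per-response nonce in script-src."""
    policy = {name: list(sources) for name, sources in BASE_POLICY.items()}
    policy["script-src"].append(f"'nonce-{nonce}'")
    if inline_styles:  # only for views that opt in (file-upload forms)
        policy["style-src"].append("'unsafe-inline'")
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in policy.items())


class CSPMiddleware:
    """Django-style middleware: __init__(get_response), __call__(request)."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Fresh, unpredictable nonce per request; templates put it on <script nonce="...">.
        request.csp_nonce = secrets.token_urlsafe(16)
        response = self.get_response(request)
        inline = getattr(request, "csp_inline_styles", False)  # hypothetical opt-in flag
        response["Content-Security-Policy"] = build_csp(request.csp_nonce, inline)
        return response


def demo(inline_styles):
    """Run the middleware around a constructed view; a dict stands in for the response."""
    def view(request):
        request.csp_inline_styles = inline_styles
        return {}
    request = SimpleNamespace()
    response = CSPMiddleware(view)(request)
    return request.csp_nonce, response["Content-Security-Policy"]
```

Keeping the `'unsafe-inline'` exception behind a per-request flag means every other response still ships the strict `style-src 'self'`.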
Reference: foerderverein/vereinsverwaltung#139