Content Security Policy settings

    • RustyR
    Posted 7 months 2 days ago
    • Hi there,

      I'm trying to make a Content Security Policy using the wizard at a website called report-uri.com. This wizard will show you the detected items on a website. I let it run for a week and the detected items contained a lot of 'unsafe-inline' and 'unsafe-eval' directives:

      default-src 'unsafe-inline'
      script-src-attr 'unsafe-inline'
      script-src-elem 'unsafe-inline'
      script-src 'unsafe-eval'
      script-src 'unsafe-inline'
      style-src-attr 'unsafe-inline'
      style-src-elem 'unsafe-inline'
      style-src 'unsafe-inline'

      In my opinion the website will remain vulnerable when whitelisting these in the CSP. Are there specific directives that should have the 'unsafe-inline' or 'unsafe-eval' expressions for the Gantry framework and Rocket Theme templates to work properly?

      Thanks in advance!
    • Last Edit: 7 months 2 days ago by RustyR.
    • Matt

    Re: Content Security Policy settings

    Posted 6 months 4 weeks ago
    • I'm not sure we can answer your question. You can try asking on the GitHub or test and see.

      github.com/gantry/gantry5
    • Last Edit: 6 months 4 weeks ago by Matt.
    • SEARCH the forum first! These boards are rich in knowledge and vast in topics. This includes searching just the 'Solved' forums, using Google, and using ChatGPT :woohoo:
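
Added example, not part of the thread and not Gantry or RocketTheme code: a small JavaScript audit that resolves the CSP Level 3 fallback chain for the directives listed in the first post and reports which of them still permit inline or eval behaviour. Both policy strings and the function names are constructed for illustration and are not settings Gantry is known to require.

```javascript
// Fallback chains per CSP Level 3: the first directive present governs.
const FALLBACK = {
  'script-src-elem': ['script-src-elem', 'script-src', 'default-src'],
  'script-src-attr': ['script-src-attr', 'script-src', 'default-src'],
  'style-src-elem': ['style-src-elem', 'style-src', 'default-src'],
  'style-src-attr': ['style-src-attr', 'style-src', 'default-src'],
  'eval': ['script-src', 'default-src'], // eval() is checked against script-src
};

// Constructed sample policies (assumptions, not taken from any real site).
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
  "style-src 'self' 'unsafe-inline'";
const TIGHTER = "default-src 'self'; script-src 'self' 'nonce-cjRuZG9t' 'unsafe-inline'; " +
  "style-src 'self'; style-src-attr 'unsafe-inline'";

// Parse a policy into Map(directive -> sources); a repeated directive is ignored.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    // Sources are lower-cased only because this audit matches keywords, not nonce values.
    if (!policy.has(key)) policy.set(key, sources.map((s) => s.toLowerCase()));
  }
  return policy;
}

// Report which inline/eval behaviours remain allowed, and by which directive.
function auditPolicy(header) {
  const policy = parsePolicy(header);
  const findings = [];
  for (const [target, chain] of Object.entries(FALLBACK)) {
    const governedBy = chain.find((d) => policy.has(d));
    if (!governedBy) { // nothing restricts this behaviour at all
      findings.push({ target, governedBy: null, allows: 'unrestricted' });
      continue;
    }
    const src = policy.get(governedBy);
    const keyword = target === 'eval' ? "'unsafe-eval'" : "'unsafe-inline'";
    // 'unsafe-inline' is ignored next to a nonce or hash; for scripts also with 'strict-dynamic'.
    const neutralised = target !== 'eval' &&
      (src.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s)) ||
       (target.startsWith('script') && src.includes("'strict-dynamic'")));
    if (src.includes(keyword) && !neutralised) findings.push({ target, governedBy, allows: keyword });
  }
  return findings;
}

console.log(auditPolicy(WEAK), auditPolicy(TIGHTER));
```

An empty result for a policy means none of the five behaviours is left open; a finding with `governedBy: null` means no directive covers that behaviour.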