This repository has been archived by the owner on May 27, 2024. It is now read-only.

Content Security Policy #376

Open
jmfield2 opened this issue Nov 15, 2016 · 0 comments

Comments

@jmfield2
Contributor

Since the webapp frontend makes heavy use of JavaScript, it would be nice to incorporate a CSP policy for proactive security.

There are tools to create a basic policy, and one might look like this:

```
default-src 'self'; img-src 'self' api.mapbox.com;
script-src www.google-analytics.com 'self' storage.googleapis.com;
style-src fonts.googleapis.com 'self' api.mapbox.com storage.googleapis.com cdn.materialdesignicons.com;
```

We just have to add this to the "Content-Security-Policy" HTTP header.
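
As an added example (not part of the original issue or the project's code), the sketch below parses a policy like the one proposed above and reports which sample requests it would block, a check worth running before the header is enforced. It writes the fallback as the standard `default-src` directive; the page origin `https://app.example` and the request URLs are constructed, and the matcher handles only bare host sources and `'self'`.

```javascript
// Added example: simplified CSP evaluation (bare host sources and 'self' only).
const KNOWN = new Set(['default-src', 'script-src', 'style-src', 'img-src',
  'font-src', 'connect-src']);

// Split a header value into directives; collect names this checker does not know.
function parsePolicy(header) {
  const policy = new Map();
  const unknown = [];
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;                      // empty segment after a trailing ';'
    const key = name.toLowerCase();
    if (!KNOWN.has(key)) { unknown.push(key); continue; }
    if (!policy.has(key)) policy.set(key, sources); // first occurrence wins
  }
  return { policy, unknown };
}

// Would a request for `url` governed by `directive` be allowed?
function isAllowed(parsed, directive, url, pageOrigin) {
  const sources = parsed.policy.get(directive) ?? parsed.policy.get('default-src');
  if (sources === undefined) return true;     // nothing governs this fetch type
  const target = new URL(url);
  return sources.some((src) => {
    if (src === "'self'") return target.origin === pageOrigin;
    if (src.startsWith("'")) return false;    // 'none' and other keywords match no URL
    if (src.startsWith('*.')) return target.hostname.endsWith(src.slice(1));
    return target.hostname === src;           // scheme/port/path matching omitted
  });
}

// Constructed inputs: the issue's sources, an assumed origin, sample requests.
const POLICY = "default-src 'self'; img-src 'self' api.mapbox.com; " +
  "script-src www.google-analytics.com 'self' storage.googleapis.com; " +
  "style-src fonts.googleapis.com 'self' api.mapbox.com storage.googleapis.com " +
  "cdn.materialdesignicons.com;";
const ORIGIN = 'https://app.example';
const REQUESTS = [
  ['script-src', 'https://www.google-analytics.com/analytics.js'],
  ['style-src', 'https://fonts.googleapis.com/css?family=Roboto'],
  ['font-src', 'https://fonts.gstatic.com/s/roboto/sample.woff2'],
  ['img-src', 'https://www.google-analytics.com/collect?v=1'],
  ['script-src', 'https://app.example/static/app.js'],
];

// Return the requests the policy would block, so they can be fixed before enforcing.
function blockedRequests(header, origin, requests) {
  const parsed = parsePolicy(header);
  return requests.filter(([d, u]) => !isAllowed(parsed, d, u, origin))
    .map(([d, u]) => `${d} ${u}`);
}
console.log(blockedRequests(POLICY, ORIGIN, REQUESTS));
```

A directive name the checker does not recognise is returned in `unknown`, and when no `default-src` is present any fetch type without a directive of its own is left unrestricted.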
