Skip to content

Content-Security-Policy#194

Open
aravinda3001 wants to merge 323 commits intoswagger-integrationfrom
dev
Open

Content-Security-Policy#194
aravinda3001 wants to merge 323 commits intoswagger-integrationfrom
dev

Conversation

@aravinda3001
Copy link

@aravinda3001 aravinda3001 commented Jun 4, 2021

Content-Security-Policy : Wildcard Directive

Changes proposed in the pull request

  • Ensure that web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

Impact

The configurations either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action

Other information

Reference:
http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/
http://caniuse.com/#search=content+security+policy
http://content-security-policy.com/
https://github.com/shapesecurity/salvation
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources

iammosespaulr and others added 30 commits January 20, 2018 00:18
@iammosespaulr
Create CODE_OF_CONDUCT.md
418a2d5
@iammosespaulr
Create ISSUE_TEMPLATE.md
ceb3a1c
@iammosespaulr
Update index.html
9e84b58
@iammosespaulr
Update LICENSE
3ef5b0a
@nandunbandara
Views issue fixed
ef1dc20
@nandunbandara
Travis configurations updated
38a0d7e
@nandunbandara
removed changes to .travis.yml
8335d5a
@tharindupr
Merge pull request #46 from iammosespaulr/patch-1
c66680c 
Update main.html   CORRECTING SPELLING ERRORS
@tharindupr
Merge pull request #47 from SidDevelop/patch-3
ad9c506 
Updated for clarity in subheadings
@tharindupr
Merge pull request #48 from SidDevelop/patch-2
134cd8f 
Updated for elaboration
@tharindupr
Merge pull request #49 from iammosespaulr/master
1c6cd48 
UI TESTING FRAMEWORK
@tharindupr
Merge pull request #53 from Kalyan3578/patch-1
11b2ce5 
Official chatroom badge added
@tharindupr
Merge pull request #55 from kmehant/master
6bde226 
Update Dockerfile and correct error
@tharindupr
Merge pull request #61 from Kalyan3578/patch-2
3c18961 
Create issue_template.md
@varunzxzx
remove env from git
fc8d4c5
@varunzxzx
seperating app and server
74e284b
@varunzxzx
improve code quality
ec91da6
@tharindupr
Merge pull request #73 from varunzxzx/remove-env
9179fdf 
Separate app and server for fast testing execution and getting coverage metrics of the code
@varunzxzx
error handling
8f0ba9e
@bhavyaagg
Remove unused variables from server.js and properly indent and format…
26b58b8 
… code in server.js

Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Update PR to improve Codacy Report
f884626 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Change var to const in server.js and www.js
84a2a83 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Update routes.js to use const/let instead of var
9bf3acb 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Fix typos in issue_template
6c65787 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Add status codes to the response
b66a5d3 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Update routes.js to send a response for every request
f81ec63 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Update PR to improve Codacy Report
5b9efad 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Update PR to improve Codacy Report-2
a1711e8 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Update PR to improve Codacy Report
80b8ff9 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
@bhavyaagg
Update PR to improve Codacy Report
94152e3 
Signed-off-by: Bhavya Aggarwal <bhavyaaggarwal1209@gmail.com>
shivamarora96 and others added 30 commits August 3, 2018 22:55
@shivamarora96
Merge branch 'master' into master
d1e0bd2
@nandunbandara
Merge branch 'master' of https://github.com/scorelab/Stackle into ang…
589a351 
…ular2-stacks

# Conflicts:
#	stackle_api/package-lock.json
@psnmissaka
Merge pull request #136 from shivamarora96/master
f7149a0 
PostLikes Array Added in Userschema .Comments and Replies Enpoints added
@nandunbandara
User profile details from Auth0 login
6b7ddb0
@nandunbandara
user profile changes
0272833
@shivamarora96
Merge pull request #1 from scorelab/master
5ef74a6 
Merge pull request #136 from shivamarora96/master
@shivamarora96
Beautifying Code
bfefa15
@nandunbandara
Stack changes
c012a1c
@nandunbandara
Merge branch 'master' of https://github.com/scorelab/Stackle into ang…
f64d40a 
…ular2-stacks
@nandunbandara
Authentication integrated with callback in the frontend
a57edb1
@nandunbandara
User avatar and user setting on creating a post
e842cd9
@nandunbandara
Fixed issue with loading stacks. Endpoint changed.
dd9ab87
@nandunbandara
Implementation to load github app access in the same window.
e70ce59
@nandunbandara
Fixed issue in profile
6fc599f
@nandunbandara
Subscribed orgs in create post view
d630138
@nandunbandara
View posts by org implemented
9fa4da1
@nandunbandara
Navigate to subscribed stack implemented
82ec86d
@nandunbandara
Post view formatting
7f51f0b
@nandunbandara
Navigation to post fixed in org view
b6023c0
@nandunbandara
Fixed issue in profile retrieval
e8ee81c
@psnmissaka
Merge pull request #139 from shivamarora96/master
f8977f4 
Beautifying Code
@nandunbandara
Fixed issues in code
def2265
ui fixes
95a70a2
profile avatar
03f9c57
@psnmissaka
Merge pull request #140 from ntbandara3/angular2-stacks
fc33c23 
Stacks Functionality Implementation
fixed conflicts
015eb34
@psnmissaka
Merge pull request #144 from VibhorCodecianGupta/ui
0d80976 
UI improvements
@psnmissaka
Removes old front-end app directory written with AngularJS
cb38450
@psnmissaka
Updates setup instructions
43a4c95
@psnmissaka
Adds a temporary pull request template
3e17d36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.