Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implémenter la CSP (réduction des attaques XSS) #1952

Closed
hmeneuvrier opened this issue Nov 21, 2023 · 2 comments
Closed

Implémenter la CSP (réduction des attaques XSS) #1952

hmeneuvrier opened this issue Nov 21, 2023 · 2 comments
Assignees
@sfinx13
Labels
Dev S Tech - sécurité v1.14.4
Milestone
v1.14.4

Comments

@hmeneuvrier
Copy link
Collaborator

hmeneuvrier commented Nov 21, 2023
edited by sfinx13
Loading

Content Security Policy (CSP) header not implemented

X-XSS-Protection header not implemented (Voir commentaire)

X-Content-Type-Options header not implemented

http://dashlord.mte.incubateur.net/dashlord/url/histologe-beta-gouv-fr/securite/#http

https://github.com/search?q=org%3AMTES-MCT%20CSP&type=code
@sfinx13
Copy link
Collaborator

sfinx13 commented Dec 8, 2023

Non-standard: This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

@sfinx13 sfinx13 added this to the Securité milestone Dec 12, 2023
@sfinx13
Copy link
Collaborator

sfinx13 commented Jan 9, 2024

Exemple d'erreur
image

sfinx13 added a commit that referenced this issue Jan 9, 2024
@sfinx13
adding missing security headers includings csp #1952
776bc40
@sfinx13 sfinx13 mentioned this issue Jan 9, 2024
Merged
3 tasks
sfinx13 added a commit that referenced this issue Jan 9, 2024
@sfinx13
add csp directive #1952
1e7abd3
sfinx13 added a commit that referenced this issue Jan 9, 2024
@sfinx13
fix nginx directive to allow image loading for usager #1952
c401858
sfinx13 added a commit that referenced this issue Jan 10, 2024
@sfinx13
update condition #1952
b3d3bd2
@numew numew added the v1.14.4 label Jan 12, 2024
@numew numew closed this as completed Jan 12, 2024
@mathildepoulpux mathildepoulpux moved this to Anciens sprint (archivage) in Produit Histologe 🏡 Jun 5, 2024
@mathildepoulpux mathildepoulpux modified the milestones: Securité, v1.14.4 Jun 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfinx13 sfinx13

Labels
Dev S Tech - sécurité v1.14.4
Projects
Produit Histologe 🏡
Status: En prod
Milestone
v1.14.4
Development

No branches or pull requests
4 participants
@sfinx13 @numew @hmeneuvrier @mathildepoulpux