Is your feature request related to a problem? Please describe.
We should create a bit that does the following:
for all domains allow-listed in CSP headers:
check if domain is listed in a list of configured dangerous domains.
This list could be a config_ooi listing domains like:
Those domains can host any JS or files from anyone, which immediately negates the whole point of using CSP to allow only secure domains.
Describe alternatives you've considered
Don't use a config, just hard-code the list in the bit.
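A sketch of the check described in this request, as an added example that is not part of the original issue or the project's code: it parses a CSP header value, extracts the host of each allow-listed source, and reports those that fall under a configured domain list. The function names and the list entries are hypothetical placeholders, and it assumes subdomains of a listed domain are treated as dangerous too.

```python
from urllib.parse import urlsplit

# Constructed placeholder entries; the issue's own list is not reproduced here.
DANGEROUS_DOMAINS = {"user-content.example", "cdn.example.net", "pages.example.org"}
# Directives whose values are not source allow-lists.
NOT_ALLOW_LISTS = {"report-uri", "report-to", "sandbox"}


def parse_csp(header):
    """Return {directive: [source, ...]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in NOT_ALLOW_LISTS:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def source_host(source):
    """Host of a host-source, or None for keywords, '*' and scheme-sources."""
    if source.startswith("'") or source == "*" or source.endswith(":"):
        return None
    if "://" not in source:
        source = "//" + source  # scheme-less host-source such as cdn.example.net/js/
    return urlsplit(source).hostname  # lower-cased, port and path dropped


def matched_domain(host, dangerous):
    """Return the configured domain that `host` falls under or covers, else None."""
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    for domain in sorted(dangerous):
        if base == domain or base.endswith("." + domain):
            return domain  # source is the listed domain or one of its subdomains
        if wildcard and domain.endswith("." + base):
            return domain  # wildcard source is broad enough to include it
    return None


def find_dangerous_sources(header, dangerous=DANGEROUS_DOMAINS):
    """List (directive, source, matched domain) for every risky allow-list entry."""
    findings = []
    for directive, sources in parse_csp(header).items():
        for source in sources:
            host = source_host(source)
            domain = matched_domain(host, dangerous) if host else None
            if domain:
                findings.append((directive, source, domain))
    return findings
```

Whether the list comes from a config object or is hard-coded only changes what is passed as `dangerous`; the matching stays the same.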