Content Security Policy and Subresource Integrity (SRI) #12

Open
MUWalter opened this issue May 17, 2021 · 2 comments

@MUWalter

Dear @serg,

This is not a bug, but in terms of security I was checking my page at https://webbkoll.dataskydd.net

Two things I can't get rid of:

  1. Content Security Policy

Although I added `<meta http-equiv="Content-Security-Policy" content="default-src 'none' *; script-src 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; base-uri 'none' 'self' *; form-action 'none' *; form-action 'self' *; object-src 'none' *; frame-ancestors 'none'">` in basof.html I get the following issues:

  2. SRI

Maybe this could be implemented too in a future update.

Keep up the good work!
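
An added example, not part of the original issue or the project's code: a small linter that applies the browser's CSP parsing rules to the policy quoted in the post above and flags the constructs that weaken it. The function name `lintCsp` and the issue labels are assumptions made for this example.

```javascript
// Added example: lint a CSP string using the rules a browser applies.
// POLICY is copied from the <meta> tag quoted in the post above.
const POLICY = "default-src 'none' *; script-src 'unsafe-inline' 'self' *; " +
  "style-src 'unsafe-inline' 'self' *; base-uri 'none' 'self' *; " +
  "form-action 'none' *; form-action 'self' *; object-src 'none' *; " +
  "frame-ancestors 'none'";

// Directives that browsers ignore when the policy arrives via <meta>.
const META_IGNORED = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// lintCsp and its issue labels are hypothetical names for this example.
function lintCsp(policy, { viaMeta = false } = {}) {
  const findings = [];
  const seen = new Set();
  for (const raw of policy.split(";")) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    const sources = tokens.slice(1).map((s) => s.toLowerCase());
    if (seen.has(name)) {
      // Only the first occurrence of a directive is enforced.
      findings.push({ directive: name, issue: "duplicate-ignored" });
      continue;
    }
    seen.add(name);
    if (viaMeta && META_IGNORED.has(name)) {
      findings.push({ directive: name, issue: "ignored-in-meta" });
      continue;
    }
    if (sources.includes("'none'") && sources.length > 1) {
      // 'none' blocks everything only when it is the sole source expression.
      findings.push({ directive: name, issue: "none-overridden" });
    }
    if (sources.includes("*")) {
      findings.push({ directive: name, issue: "wildcard-source" });
    }
    if (name === "script-src" && sources.includes("'unsafe-inline'")) {
      findings.push({ directive: name, issue: "unsafe-inline-script" });
    }
  }
  return findings;
}

for (const f of lintCsp(POLICY, { viaMeta: true })) {
  console.log(`${f.directive}: ${f.issue}`);
}
```

A policy such as `default-src 'none'; script-src 'self'` returns no findings, and `frame-ancestors` only takes effect when the policy is sent as an HTTP response header.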

@serg
Owner

serg commented May 17, 2021

Can't help with point 1.
But here is a script with SRI for picturefill:

<script async src="https://cdn.jsdelivr.net/npm/[email protected]/dist/picturefill.min.js" integrity="sha256-iT+n/otuaeKCgxnASny7bxKeqCDbaV1M7VdX1ZRQtqg=" crossorigin="anonymous"></script>

@MUWalter
Author

perfect, thanks!