oreoshake
opened
Oct 28, 2017
#
content-security-policy
Here are 90 public repositories matching this topic...
OneForAll是一款功能强大的子域收集工具
python
osint
subdomain
content-security-policy
recon
bugbounty
information-gathering
pentest-tool
zone-transfers
subdomain-scanner
nsec
subdomain-takeover
subdomain-enumeration
subdomain-bruteforcing
subdomain-crawler
subdomain-collection
subdomian-find
oneforall
altname
crossdomainxml
-
Updated
Jul 3, 2020 - Python
bnomei
commented
Sep 1, 2019
the json example in the readme has no self in various params but the json file from the tests does have these set.
https://github.com/paragonie/csp-builder#example
https://github.com/paragonie/csp-builder/blob/e9a7560fd3f133a85f03c51de5fc051ac97630a7/test/vectors/basic-csp.json
for example i am guessing that using the example from the readme does not set self fore base-uri. but that might n
8
aidantwoods
commented
Dec 22, 2017
As hinted in aidantwoods/SecureHeaders#67 (comment), the public API could do with some better coverage.
PHP Secure Headers
php
secure-headers
csp
hsts
referrer-policy
laravel
laravel-package
content-security-policy
expect-ct
feature-policy
clear-site-data
-
Updated
May 12, 2020 - PHP
Zenexer
commented
Dec 8, 2018
- https://github.com/nico3333fr/CSP-useful/blob/master/csp-wtf/not-explained.md#blocked-uri-inline
- https://github.com/nico3333fr/CSP-useful/blob/master/csp-wtf/not-explained.md#onclick-attribute-on-menuitem-element
This happens if you don't allow inline scripts--that is, <script> with no src attribute, but rather embedded JavaScript. Inline JavaScript has to be explicitly allowed via `'in
Help secure .net core apps with various HTTP headers (such as CSP's)
-
Updated
Feb 3, 2019 - C#
A Burp Plugin for Detecting Weaknesses in Content Security Policies
-
Updated
Feb 24, 2016 - Python
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
-
Updated
Nov 6, 2019 - Go
Check any website (or set of websites) for insecure security headers.
http
security
csp
hsts
referrer-policy
xframe-options
content-security-policy
headers
expect-ct
feature-policy
-
Updated
Apr 24, 2019 - Python
A CSP collector written in Golang
-
Updated
May 29, 2020 - Go
A Gatsby plugin which adds strict Content Security Policy to your project.
-
Updated
Aug 28, 2019 - JavaScript
security
csp
awesome
frontend
best-practices
content-security-policy
awesome-list
appsec
frontend-security
npm-audit
fe-sec
-
Updated
Oct 26, 2019
miguel-a-calles-mba
commented
Apr 15, 2020
I set the nuxt.config.js file with the following settings:
modules: [
'@nuxtjs/axios',
'@nuxtjs/pwa',
[
'@dansmaculotte/nuxt-security',
{
dev: false,
csp: {
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'"],
connectSrc: ["'self'"],
imgSrc: ["'self'"],
styA tiny (8.68Mb light standalone binary) static web server with customizable behavior, secure and monitored by default.
lightweight
golang
security
hsts
spa
owasp
http-header
http-server
file-server
content-security-policy
-
Updated
Jul 1, 2020 - Go
-
Updated
Mar 17, 2020 - Go
Content Security Policy engine for Go/Golang. Unit test your CSP rules!
-
Updated
Jun 9, 2019 - Go
bnomei
commented
Dec 7, 2018
Question:
Which policies should I create?
Answer:
The default values for this plugin are a good start and in most cases you just need to define some additional policies. Just make sure not to weaken the policies by enabling unsafe-inline etc. Try finding the secure way to do these things.
- Record what you use: https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/
2
brendanheywood
commented
Dec 4, 2019
ie lets say the directive name + value is 'img-src https:'' and we collect some violations. Then we add an exemption so now it's 'img-src https: *.example.com' and we collect more violations.
Now the data is split across two records, we want it to be grouped by 'img-src' regardless of how the policy changes over time.
Tasks:
- first col should be the directive name, we will group record
Downgrade content-security-policy version and fidelity to support the requesting browser
-
Updated
Apr 5, 2020 - JavaScript
Go HTTP Middleware with dynamic CSP nonce and much more
-
Updated
Aug 28, 2018 - Go
Content Security Policy Decomposer & Evaluator
-
Updated
Mar 10, 2019 - R
Content Security Policy plugin for Phalcon Framework
-
Updated
Aug 24, 2016 - PHP
A simple http header scanner
-
Updated
May 19, 2020 - Python
Plug module for generating a Content Security Policy header
-
Updated
Sep 8, 2019 - Elixir
A builder tool to help generate Content Security Policies in a type-safe way
-
Updated
Oct 15, 2019 - TypeScript
Generate a CSP header from your webpack build
-
Updated
Jan 21, 2018 - JavaScript
Build Iframe. Ignore X-Frame-Options, Content-Security-Policy, X-Content-Type-Options, X-Xss-Protection etc.
security
protection
content-security-policy
iframe
iframe-api
security-policy
x-frame-options
x-content-security-policy
x-content-type-options
-
Updated
Sep 4, 2019 - JavaScript
Makes CakePHP CSP supportable by removing inline javascript and inline styles.
plugin
csp
composer
cakephp
trait
content-security-policy
cakephp3
html-helper
cakephp-csp
formhelper
-
Updated
Apr 15, 2016 - PHP
Improve this page
Add a description, image, and links to the content-security-policy topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the content-security-policy topic, visit your repo's landing page and select "manage topics."