I want to add a new header Content-Security-Policy to my nginx conf in order to improve security. I've added all external sources and everything works fine except for the chatbot which is infobip. It uses wss protocol and for some…
I have a wordpress website that runs on a LAMP system. I tried to improve security (I'm far from being an expert!) and added a CSP header. Header set Content-Security-Policy "default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; frame-src https://www.google.com https://www.youtube.com; img-src…
I am working on a Magento 2 site with a custom extension to add a whitelist to Magento's CSP. I am running into an issue with the following error: "The Content-Security-Policy directive 'frame-ancestors' does not support the source expression ''unsafe-inline''"…
I am coding an unofficial twitter api for myself. Then I send a get to this api using the console screen in my browser with the following method. function httpGet(theUrl) { var xmlHttp = new XMLHttpRequest(); xmlHttp.open( "GET", theUrl, false…
I do not have any tracking on my Google Analytics... I do suspect that my Content-Security-Policy is wrong, even if the browser console is clean. This is what I currently have: Header always set Content-Security-Policy "script-src 'self' https: data: 'unsafe-inline'…
I have integrated the single-sign-on in our application using WsFedration(ADFS) after the sign-out, it's redirecting to the page as successfully log out and back to the login page. this follow is working correctly after hosting in the windows server, but…
We had a penetration testing and one of the findings were: "Missing Content-Security-Policy HTTP response header" We did a bit of research and found out how to set this in the web servers httpd.conf file. The problem is we don't…