
Middleware for Content Security Policy (CSP) Headers

Open fastbike opened this issue 2 years ago • 3 comments

DMVC already has middleware for CORS and general Security Headers.

There is also a set of standards around Content Security Policy (CSP), designed to help detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Is there any plan to develop a middleware plugin? Is anybody interested in collaborating if I was to start work on one?

fastbike, Aug 24 '23 01:08

Good point. I was planning to implement it but not in this time-frame. If you have something ready I can support with code review.

danieleteti, Aug 30 '23 14:08

I'll add it to my todo list. We're using the OWASP ZAP tool - it provides some interesting insights.

fastbike, Aug 31 '23 08:08