Adding a Content-Security-Policy Header

Open otakuu opened this issue 2 years ago • 0 comments

Current Behavior

No CSP present:

Proposed Behavior

https://github.com/DependencyTrack/frontend/blob/master/docker/etc/nginx/conf.d/default.conf#L4 add_header Content-Security-Policy "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; manifest-src 'self'" always;

Checklist

[X] I have read and understand the contributing guidelines
[X] I have checked the existing issues for whether this enhancement was already requested

Jul 13 '23 14:07 otakuu