nl-kat-coordination icon indicating copy to clipboard operation
nl-kat-coordination copied to clipboard
verified publisher icon minvws

Answering question 'Disallowed CSP hostnames' by allowance in stead of denial

Open paulvandenbraken opened this issue 10 months ago • 2 comments

Please add one or more of the following labels to your issue: frontend backend design documentation community dependencies

About this feature

Detailed description

In its present form this questions requires evil sites. This overview is however not present and very volatile. More control can be provided to enter an allow list of external sites that are allowed to gather script etc. and a KAT finding if this is policy is violated.

In our usecase this must als be a sector-member (self-serviced) configurable setting since it requires to much effort to maintain for all sector-members.

Feature benefit/User story

Please also explain why this feature is important or necessary. What benefit does it bring to users? If possible, provide a user story format:

As a security-officer , I want to set this question based on allowance so that i have better control on the enforcement of it.

Specifications

Please add some specifications for the implementation. What needs to be implemented to match the design?

The implementation should include…

  • [1] allowance listing
  • [2] self serviced configuration by sector members

Additional information

Any additional information, considerations, or context that might be helpful for understanding or evaluating the feature request.

Design

This part should only be filled in by the OpenKAT design team.

Screenshots

Include screenshots of the proposed design changes here.

Figma link

Link to the Figma design for further visualization (if applicable)

Implementation

This part should only be filled in by the developers.

Possible solution

Outline your proposed solution for implementing the feature. You can include any specific ideas, designs, or functionalities here.

Alternatives considered

Describe any alternative approaches or solutions you've considered, and why you believe the proposed solution is superior.

paulvandenbraken avatar May 22 '25 09:05 paulvandenbraken

Interesting proposition. I think we can make that work? @noamblitz ?

underdarknl avatar May 27 '25 11:05 underdarknl

In itself, it seems pretty straightforward. This part, im not sure about:

In our usecase this must als be a sector-member (self-serviced) configurable setting since it requires to much effort to maintain for all sector-members.

noamblitz avatar May 27 '25 11:05 noamblitz