rugk
The goal is to remove `unsafe-eval` from the CSP of PrivateBin.

## Reason it is included

> The `unsafe-eval` is required in Chrome and Safari for WASM loading. If not...
## Problem

I just re-read a recent ZAP report and stumbled [upon this CSP warning](https://github.com/PrivateBin/docker-nginx-fpm-alpine/issues/69):

> The following directives either allow wildcard sources (or ancestors), are not defined, or are...
People continue to use our security email for reporting content on other PrivateBin instances. See e.g. https://github.com/PrivateBin/PrivateBin/issues/673. Maybe we could thus:

* add a text at the bottom that is...
Maybe a suggestion to make life easier for those who want read-only (or similar) support (see https://github.com/PrivateBin/PrivateBin/issues/384), which currently has to be done in the webserver. So maybe:

* (optionally)...
[PHPStan](https://phpstan.org/) looks like a good candidate/static code analysis tool, [and from the description it looks quite reasonable](https://phpstan.org/blog/find-bugs-in-your-code-without-writing-tests) – also with few false positives, I hope. :upside_down_face: At least it claims to...
Google has just released a [CSP testing tool](https://csp-evaluator.withgoogle.com/) and some more [detailed information about CSP](https://csp.withgoogle.com/docs/index.html). They mention some interesting things:

1. There is a new ['strict-dynamic'](https://www.chromestatus.com/feature/5633814718054400) being created.
2. `unsafe-inline`...
It seems [to cover](https://slscan.io/en/latest/#supported-languages-frameworks) PHP including license check in addition to dependency scanning. Ref https://github.com/PrivateBin/PrivateBin/issues/504 and https://github.com/PrivateBin/PrivateBin/issues/741
https://scotthelme.co.uk/a-new-security-header-feature-policy/ I guess it will be easy to add, because we certainly don't use any of these features. Or maybe "gyroscope" or so may be used by the random number...
Based on https://github.com/PrivateBin/PrivateBin/issues/2 and https://github.com/PrivateBin/PrivateBin/issues/177, the idea of federation between PB instances grew. The aim is to have one PB instance, which you trust, where you can load or save...
Split out of https://github.com/PrivateBin/PrivateBin/issues/276

The softcron may leave empty directories on the disk. This:

* may cause the softcron process to become ineffective over time and potentially delete fewer pastes...