
Content Security Policy and Subresource Integrity (SRI)

Open MUWalter opened this issue 3 years ago • 2 comments

Dear @serg,

This is not a bug, but in terms of security I was checking my page at https://webbkoll.dataskydd.net

Two things I can't get rid of:

  1. Content Security Policy

Although I added <meta http-equiv="Content-Security-Policy" content="default-src 'none' *; script-src 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; base-uri 'none' 'self' *; form-action 'none' *; form-action 'self' *; object-src 'none' *; frame-ancestors 'none'"> in basof.html I get the following issues:

CSR

  2. SRI

Maybe this could be implemented too in a future update.

sri

Keep up the good work!

MUWalter, May 17 '21 15:05

Can't help with point 1. But here is a script with SRI for picturefill:

<script async src="https://cdn.jsdelivr.net/npm/[email protected]/dist/picturefill.min.js" integrity="sha256-iT+n/otuaeKCgxnASny7bxKeqCDbaV1M7VdX1ZRQtqg=" crossorigin="anonymous"></script>

serg, May 17 '21 15:05

perfect, thanks!

result

MUWalter, May 17 '21 16:05