Tightened CSP and added 2 new security headers.
New CSP rule: default-src 'none'; script-src 'self'; img-src 'self' data:; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';font-src 'self';connect-src 'self' faucet.decred.org explorer.dcrdata.org testnet.dcrdata.org testnet.decred.org mainnet.decred.org;manifest-src 'self'; object-src 'none';
1. By default, allow none
2. Scripts: allow "self"
3. Images: allow "self" and "data:" (used in proposals)
4. Styles (CSS): allow "self" and one whitelisted inline CSS block
5. Fonts: allow "self"
6. Connect: allow "self"; faucet.decred.org; explorer.dcrdata.org; testnet.dcrdata.org; testnet.decred.org; mainnet.decred.org
7. Manifest: allow "self"
8. Object: set to "none"
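The policy above can be checked mechanically rather than by eye. The following Python is an added example (not code from this PR or from Politeia): it parses the CSP string into directives, audits the properties the list promises (default-src and object-src locked to 'none', no unsafe-* or wildcard sources for scripts and styles), and computes the hash-source expression CSP uses for inline content, which is how a style-src hash like the one above is produced or regenerated when the inline CSS changes.

```python
import base64
import hashlib

# The CSP value from this PR, copied from the description above.
POLITEIA_CSP = (
    "default-src 'none'; script-src 'self'; img-src 'self' data:; "
    "style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';"
    "font-src 'self';connect-src 'self' faucet.decred.org explorer.dcrdata.org "
    "testnet.dcrdata.org testnet.decred.org mainnet.decred.org;"
    "manifest-src 'self'; object-src 'none';"
)


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}.

    Directives are separated by ';' and tokens by whitespace; the first
    token of each directive is its name. Empty entries (trailing ';') are
    skipped, so the missing spaces after some ';' above are harmless.
    """
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def csp_hash(inline_content, algo="sha256"):
    """Return the CSP hash-source for an inline <style>/<script> body.

    CSP hashes the exact text between the tags (no trimming) and base64
    encodes the raw digest. Note that the style-src hash in this PR equals
    csp_hash(""), i.e. it whitelists only an empty inline style element.
    """
    digest = hashlib.new(algo, inline_content.encode("utf-8")).digest()
    return "'%s-%s'" % (algo, base64.b64encode(digest).decode("ascii"))


def audit(policy):
    """Return findings for properties a hardened CSP like this one should keep."""
    findings = []
    for name in ("default-src", "object-src"):
        if policy.get(name) != ["'none'"]:
            findings.append("%s should be 'none'" % name)
    for name in ("script-src", "style-src"):
        sources = policy.get(name, [])
        if "'unsafe-inline'" in sources or "'unsafe-eval'" in sources:
            findings.append("%s permits unsafe-* sources" % name)
        if "*" in sources:
            findings.append("%s permits any origin" % name)
    return findings
```

Running `audit(parse_csp(POLITEIA_CSP))` returns an empty list, while a policy such as `default-src 'self'; script-src 'self' 'unsafe-inline'` produces two findings.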
New Security Headers:
Header set X-Content-Type-Options "nosniff" ==> fixes a Chrome- and IE-specific issue. See https://scotthelme.co.uk/hardening-your-http-response-headers/ under "X-Content-Type-Options".
Header set Referrer-Policy "same-origin" ==> specifies that the "referrer" value should only be sent with "same-origin" requests. (https://scotthelme.co.uk/a-new-security-header-referrer-policy/)