w3c / webappsec-csp Public

Notifications You must be signed in to change notification settings
Fork 78
Star 209

Code
Issues 171
Pull requests 8
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Issues: w3c/webappsec-csp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

171 Open 244 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Assigning location.href to a javascript:... is a form of eval

#688 opened Nov 4, 2024 by dinofx

Should "Should navigation request of type be blocked by Content Security Policy?" set the violation object's element?

#687 opened Oct 24, 2024 by mbrodesser-Igalia

Introduce 'connect-certificate-hash' for WebTransport

#683 opened Oct 8, 2024 by jan-ivar

CSP headers are incorrect with multiple rules

#682 opened Oct 8, 2024 by letanloc1998

port-part being null is not handled

#680 opened Sep 13, 2024 by evilpie

Feedback request on not capturing the caller in new Function and indirect eval

#679 opened Sep 4, 2024 by nicolo-ribaudo

Should font-src reporting kick in on font-face reference or font request?

#677 opened Aug 22, 2024 by robinwhittleton

loading local stylesheets without self source

#676 opened Aug 13, 2024 by nizos

Consider using SecurityPolicyViolationEvent.sourceFile a USVString

#674 opened Jul 31, 2024 by emilio

CSP spec not user-friendly

#673 opened Jul 23, 2024 by galund

CSP Report Does Not Reflect Redirected Blocked Domains

#672 opened Jul 15, 2024 by ConardLi

Add new CSP sandbox directive to allow SameSite=None cookies on top-level frames

#664 opened May 24, 2024 by DCtheTall

frame-src is not effective in restricting the possible origins of subframes

#662 opened May 21, 2024 by antosart

Possibility to block all javascript: URLs

#658 opened Apr 30, 2024 by Sjord

Upstream trusted type changes

#651 opened Mar 14, 2024 by lukewarlow

Document columnNumber format

#649 opened Mar 13, 2024 by stefnotch

Google Analytics URLs

#648 opened Feb 29, 2024 by cristiandelgadod

"Is element nonceable" not applied to non-<script> elements in Chrome?

#643 opened Feb 12, 2024 by evilpie

service-worker-src directive

#638 opened Jan 17, 2024 by bakkot

Does "Is Element Nonceable" apply to non-inline scripts?

#635 opened Jan 12, 2024 by evilpie

Chrome/Safari trim nonces

#634 opened Jan 5, 2024 by evilpie

Resource hint blocking / "least restrictive" as specified does nothing?

#633 opened Dec 27, 2023 by evilpie

Some way to allow workers other than URL and strict-dynamic

#632 opened Dec 19, 2023 by bakkot

CSP:EE does not support Trusted Types CSP directives

#628 opened Dec 5, 2023 by tosmolka

Allow 'strict-dynamic' scripts to inject styles

#625 opened Nov 10, 2023 by vejja

Previous 1 2 3 4 5 6 7 Next

Previous Next

ProTip! Adding no:label will show everything without a label.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly