Improving the CSP module

[RMI78]

This isn't an issue but more an idea. When testing the CSP module, I found it checks a few common CSP directives. Then I stumbled upon this website and thought it would be great to inspire ourselve from it in order to complete the module.

A good first issue would be to detect if the CSP directives exists or are correctly spelled, then see with this website if we can add some more risky directives to detect.

[devl00p]

Indeed it is interesting :)

[marcoczen]

This isn't an issue but more an idea. When testing the CSP module, I found it checks a few common CSP directives. Then I stumbled upon this website and thought it would be great to inspire ourselve from it in order to complete the module.

A good first issue would be to detect if the CSP directives exists or are correctly spelled, then see with this website if we can add some more risky directives to detect.

The site you recommended - https://csp-evaluator.withgoogle.com/ - was a life saver for me. With wapiti v3.1.8 , I kept getting error

'CSP 'object-src' value is not safe'

This got me stumped as i had it as 'self'. I tried the host url too. Became nuts running wapiti over and over ... Thankfully the site above suggested 'none' as the correct value.