Add possibility to add Content-Security-Policy header to deployment #7

New issue

Open

opened 2025-11-29 22:17:41 +01:00 by leon · 1 comment

leon commented 2025-11-29 22:17:41 +01:00

Owner

Copy link

e.g. by reading adding a .csp file which gets read and set by the pages server

e.g. by reading adding a `.csp` file which gets read and set by the pages server

leon added the

enhancement

label 2025-11-29 22:17:41 +01:00

leon commented 2025-11-29 22:33:41 +01:00

Author

Owner

Copy link

If this file does not exists, there should be a default policy of default-src 'self' 'unsafe-inline'.

Maybe also remove 'unsafe-inline'? This would prevent token stealing mechanisms?

If this file does not exists, there should be a default policy of `default-src 'self' 'unsafe-inline'`. Maybe also remove `'unsafe-inline'`? This would prevent token stealing mechanisms?

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

v1.0.1

v1.0.0

Labels

Clear labels   

bug

Something is not working

  

ci

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

bug

ci

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

leon/Forge-Pages#7

No description provided.