[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2136: Use Content-Security-Policy to harden the WUI
Tahoe-LAFS
trac at tahoe-lafs.org
Tue Jul 22 17:23:04 UTC 2014
#2136: Use Content-Security-Policy to harden the WUI
-----------------------------+---------------------------------------------
Reporter: freddyb | Owner: daira
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: code-frontend-web | Version: 1.10.0
Resolution: | Keywords: csp wui security xss javascript
Launchpad Bug: |
-----------------------------+---------------------------------------------
Comment (by daira):
Let's include these headers:
{{{
Content-Security-Policy: sandbox
X-Content-Security-Policy: sandbox
X-Webkit-CSP: sandbox
X-Frame-Options: DENY
}}}
(The first three are CSP; the last one is for framebusting #1455).
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2136#comment:4>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
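
A way to audit a response against the header set proposed in the comment above. This is an added example, not part of the ticket or of Tahoe-LAFS code; the function names and the sample response are constructed for illustration.

```python
from email.parser import Parser

# Header names and values taken from the ticket comment above.
CSP_NAMES = ("Content-Security-Policy", "X-Content-Security-Policy", "X-Webkit-CSP")

def sandbox_flags(policy):
    """Return the allow-* flags of a policy's sandbox directive, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "sandbox":
            return sorted(t.lower() for t in tokens[1:])
    return None

def audit_headers(raw_head):
    """Map each proposed header name to 'ok' or a short description of the gap."""
    head = raw_head.replace("\r\n", "\n")
    if head.startswith("HTTP/"):                      # drop the status line
        head = head.partition("\n")[2]
    headers = Parser().parsestr(head, headersonly=True)  # case-insensitive lookup
    report = {}
    for name in CSP_NAMES:
        # A header may repeat, and one value may hold a comma-separated policy list.
        policies = [p for v in headers.get_all(name, []) for p in v.split(",")]
        flags = [f for f in map(sandbox_flags, policies) if f is not None]
        if not policies:
            report[name] = "missing"
        elif not flags:
            report[name] = "no sandbox directive"
        elif [] in flags:
            # Assumption: every delivered policy is enforced, so one bare sandbox suffices.
            report[name] = "ok"
        else:
            report[name] = "sandbox relaxed by: " + " ".join(flags[0])
    xfo = [v.strip().upper() for v in headers.get_all("X-Frame-Options", [])]
    if not xfo:
        report["X-Frame-Options"] = "missing"
    else:
        report["X-Frame-Options"] = "ok" if xfo == ["DENY"] else "not DENY: " + ", ".join(xfo)
    return report

# Constructed sample response head (not captured from a real Tahoe-LAFS node).
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html\r\n"
          "content-security-policy: default-src 'self'; sandbox allow-scripts\r\n"
          "X-Webkit-CSP: sandbox\r\n"
          "X-Frame-Options: SAMEORIGIN\r\n\r\n")

if __name__ == "__main__":
    for name, verdict in audit_headers(SAMPLE).items():
        print(f"{name}: {verdict}")
```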