Allow multiple headers when parsing CSP #466
Comments
|
Hey! |
I desperately need your help addressing a findec issue on the 168 string. It seems like the code has exposed the codecKext to the security issues that Tim B. warned about. Trying to get aligned with the CSP3 pol requirements with the M! silicon. What kinds of solutions are you familiar with? |
|
MDN2 |
|
Hello, I see that after commit a422b3a scanner stopped analyzing the CSP in . Now I get only "none" in all CSPs and page score is incorrect (too high). |
|
For which website? I just tested a few with different CSP configs and they produced the correct result. |
|
Looks like this has been a bug for many years, based on the scan history.
If you want to open up a new issue, with the contents of the CSP header and mention me in it, I’ll be happy to take a look.
Thanks!
…On Nov 14, 2022 at 7:11 AM -0600, Antoni Roszak ***@***.***>, wrote:
https://shop.rockwool.com
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were assigned.Message ID: ***@***.***>
|
The current code only allows a singular CSP policy, which is technically not correct according to CSP3.
Update the code so that it can handle multiple CSP policies, by combining them together.
The text was updated successfully, but these errors were encountered: