255
What are these comments on lemmy posts?
(lemmy.sdf.org)
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
out of curiosity, what CSP options would fix this?
To prevent execution of scripts not referenced with the correct nonce:
To make it super strict, this set could be used:
Especially the last one might cause the most work, because the "modern web development environment" simply cannot provide this. Also:
form-action 'none';
should be validated. It should be set toself
if forms are actually used to send data to the server and not handled by Javascript.The MDN has a good overview: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy