#1 2017-08-24 22:33:10

Content-Security-Policy header on

HTTP requests to our forum now carry some new HTTP headers, esp. Content-Security-Policy.

content-security-policy: default-src 'self'
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1

… which raises our score to an A in's scan. Nice. Who doesn't like getting As?

AFAICT Content-Security-Policy is going to break Greasemonkey for users who use custom scripts on our site, so let me know if you face any problems.

There is no competition between bugs. When you combine two awesome bugs, you get a totally awesome bug.
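
An added example, not part of the original post or the forum's own code: a simplified evaluator showing which loads the `default-src 'self'` policy quoted above permits. The page URL `https://forum.example/...`, the resource URLs and the function names are constructed placeholders, and only `'self'`, `'unsafe-inline'`, scheme sources and exact host sources are modelled.

```javascript
// Added example: simplified evaluator for CSP fetch directives.
// Models only 'self', 'unsafe-inline', scheme sources and exact host sources;
// nonces, hashes, paths and wildcards are deliberately left out.

// Parse a Content-Security-Policy header value into Map<directive, sources[]>.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // When a directive is repeated, only its first occurrence counts.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources.map(s => s.toLowerCase()));
    }
  }
  return policy;
}

// kind: fetch directive such as 'script-src' or 'img-src'.
// url: resource URL (absolute or relative), or null for inline script/style.
function allows(policy, pageUrl, kind, url) {
  // Fetch directives fall back to default-src when not set explicitly.
  const sources = policy.get(kind) ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing restricts this load
  if (url === null) return sources.includes("'unsafe-inline'");
  const page = new URL(pageUrl);
  const target = new URL(url, page);
  return sources.some(src => {
    if (src === "'self'") return target.origin === page.origin;
    if (src.startsWith("'")) return false; // 'none' and unmodelled keywords
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
    return src.includes('://') ? target.origin === src : target.host === src;
  });
}

// Constructed sample: the policy from the post, with a placeholder page URL.
const FORUM_POLICY = parseCsp("default-src 'self'");
const PAGE = 'https://forum.example/viewtopic.php?id=1';

function report() {
  return {
    sameOriginScript: allows(FORUM_POLICY, PAGE, 'script-src', '/js/app.js'),
    inlineScript: allows(FORUM_POLICY, PAGE, 'script-src', null),
    thirdPartyScript: allows(FORUM_POLICY, PAGE, 'script-src', 'https://cdn.example/lib.js'),
    dataUriImage: allows(FORUM_POLICY, PAGE, 'img-src', 'data:image/png;base64,AAAA'),
  };
}
console.log(report());
```

Under this policy only the same-origin script loads; inline script, third-party script and `data:` images are refused because nothing but `'self'` is listed.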

