
#1 2017-08-24 22:33:10

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,227

Content-Security-Policy header on forums.bunsenlabs.org

HTTP requests to our forum now carry some new HTTP headers, esp. Content-Security-Policy.

content-security-policy: default-src 'self'
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1

… which raises our score to an A in securityheaders.io's scan. Nice. Who doesn't like getting As?

AFAICT Content-Security-Policy is going to break Greasemonkey for users who use custom scripts on our site, so let me know if you face any problems.


In the green forest, there where the thrush sings…
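An added example, not part of the original post and not the forum's own code: a simplified model of how a browser evaluates the `default-src 'self'` policy quoted above, showing which loads it permits and why inline or third-party resources added to a page are refused. The `https://` page URL, the `/js/common.js` path, `cdn.example` and the sample loads are constructed for illustration.

```javascript
// Simplified model of CSP source matching; not a browser's full algorithm.
// Handles only 'self', 'none', 'unsafe-inline', scheme sources ("data:")
// and exact-origin sources ("https://cdn.example"). Paths are ignored.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A directive repeated later in the same policy is ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// load: { directive: 'script-src', url: '...' } or { directive: '...', inline: true }
function isAllowed(policy, pageUrl, load) {
  // Fetch directives such as script-src fall back to default-src when absent.
  const sources = policy.get(load.directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing restricts this load
  const lower = sources.map((s) => s.toLowerCase());
  if (lower.length === 1 && lower[0] === "'none'") return false;
  if (load.inline) return lower.includes("'unsafe-inline'");
  const target = new URL(load.url, pageUrl);
  const page = new URL(pageUrl);
  return lower.some((src) => {
    if (src === "'self'") return target.origin === page.origin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
    if (src.startsWith("'")) return false; // other keywords are not modelled
    try { return new URL(src).origin === target.origin; } catch { return false; }
  });
}

// Constructed inputs: the header value is the one from the post, the rest is assumed.
const PAGE = 'https://forums.bunsenlabs.org/';
const FORUM_POLICY = parseCsp("default-src 'self'");

function demo() {
  const loads = {
    sameOriginScript: { directive: 'script-src', url: '/js/common.js' },
    thirdPartyScript: { directive: 'script-src', url: 'https://cdn.example/lib.js' },
    inlineScript: { directive: 'script-src', inline: true },
    inlineStyle: { directive: 'style-src', inline: true },
    dataImage: { directive: 'img-src', url: 'data:image/png;base64,AAAA' },
  };
  return Object.fromEntries(
    Object.entries(loads).map(([k, l]) => [k, isAllowed(FORUM_POLICY, PAGE, l)])
  );
}
console.log(demo());
```

Only the same-origin script is allowed; loosening the policy for a specific case means adding an explicit source to the matching directive rather than dropping `default-src`.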
