Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document minimal Content-Security-Policy? #301

Open
cyphar opened this issue Jun 29, 2020 · 2 comments
Open

Document minimal Content-Security-Policy? #301

cyphar opened this issue Jun 29, 2020 · 2 comments
Assignees
@emckean
Labels
security user guide Improvements to user guide
Milestone
24Q4

Comments

@cyphar
Copy link

cyphar commented Jun 29, 2020

Is it possible for there to be documentation on exactly what the minimal CSP is if you use docsy as your Hugo theme? It's a requirement of the Core Infrastructure Initative's Best Practices that project websites have the correct security headers set, and most Hugo themes I've seen don't seem to specify whether they require things like unsafe-inline or unsafe-eval (and many of them do).
@LisaFC
Copy link
Collaborator

LisaFC commented Jun 29, 2020

@emckean, can you look into this? Thanks!

This was referenced Aug 17, 2021
Open
Open
This was referenced Sep 15, 2021
Open
Open
@snyk-bot snyk-bot mentioned this issue Oct 29, 2021
Open
@sawp-d
Copy link

sawp-d commented Mar 14, 2022
edited
Loading

Is there any update on this? I just started using Docsy and love it, though I'm a bit unsure how to set a CSP header when it looks like there may be many URIs to use. Or do you have any suggestions on disabling inline style and moving to external CSS?

@MaxMood96 MaxMood96 mentioned this issue May 13, 2022
Open
@emckean emckean self-assigned this Aug 4, 2023
@emckean emckean added the user guide Improvements to user guide label Aug 4, 2023
This was referenced Nov 27, 2023
Open
Open
Open
Open
@MaxMood96 MaxMood96 mentioned this issue Dec 20, 2023
Open
This was referenced May 14, 2024
Open
Open
@chalin chalin added this to the 24Q4 milestone Oct 3, 2024
@chalin chalin added the security label Oct 3, 2024
@chalin chalin mentioned this issue Oct 3, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emckean emckean

Labels
security user guide Improvements to user guide
Projects
None yet
Milestone
24Q4
Development

No branches or pull requests
5 participants
@emckean @cyphar @chalin @LisaFC @sawp-d