Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecated CSPs directives #3

Open
Hipapheralkus opened this issue Nov 14, 2017 · 1 comment
Open

Deprecated CSPs directives #3

Hipapheralkus opened this issue Nov 14, 2017 · 1 comment
Assignees
@moloch--
Labels
enhancement

Comments

@Hipapheralkus
Copy link

Hi,
I noticed that some CSP directives reported by this extender are obsolete, and are reported by your tool. Is it possible to update this extender accordingly?

This feature is obsolete. Although it may still work in some browsers, its use is discouraged since it could be removed at any time. Try to avoid using it.

This was removed from CSP2, never added to CSP3, and will not ship in any other browser. We should remove it, as it is completely redundant with X-XSS-Protection, which is never going away.

Thanks
@moloch-- moloch-- self-assigned this Nov 14, 2017
@moloch--
Copy link
Owner

Yea i've been meaning to get on this for a little while, there's also the new 'strict-dynamic' script-src which is pretty interesting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@moloch-- moloch--

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@moloch-- @Hipapheralkus