https://github.com/marschall/csp-hack
An exploration of how to make CSP work with Seaside.
- Host: GitHub
- URL: https://github.com/marschall/csp-hack
- Owner: marschall
- Created: 2022-08-28T14:43:54.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2022-09-14T06:58:21.000Z (over 2 years ago)
- Last Synced: 2025-01-16T02:45:21.682Z (4 months ago)
- Topics: content-security-policy, nonce, smalltalk
- Language: Smalltalk
- Homepage:
- Size: 7.81 KB
- Stars: 2
- Watchers: 4
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
CSP Hack
========

Exploration of how to make [Content Security Policy](https://content-security-policy.com) work with Seaside.
The current approach works with a combination of:
- A filter that generates a nonce for every request, stores it in the request context and generates a CSP HTTP header.
- A custom document that makes sure a nonce is added to every `<script>` element that does not already have one. A custom script generator does not work, since it can only add a nonce to `<script>` elements in the `<body>`, not to `<script>` elements in the `<head>`. `<script>` elements in the `<head>` need a nonce too, because the combination `'self' 'nonce-'` does not work with Firefox; only the combination `'strict-dynamic' 'nonce-'` does.
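As an added illustration of the mechanism described above (not code from the csp-hack repository, and written in Python rather than Smalltalk so it runs stand-alone): a fresh nonce per request, the `'strict-dynamic' 'nonce-...'` header value, and a document rewrite that tags every `<script>` element lacking a nonce, in `<head>` as well as `<body>`. The sample HTML and all function names are constructed for this example.

```python
import re
import secrets

# Constructed sample document: one <script> in <head>, one already carrying a
# nonce, and one inline <script> in <body>. Not taken from the repository.
SAMPLE_HTML = """<html><head>
<script src="/files/app.js"></script>
</head><body>
<script nonce="existing">console.log("already tagged");</script>
<script>console.log("inline");</script>
</body></html>"""

# Matches only opening <script ...> tags (not </script>), capturing attributes.
SCRIPT_OPEN_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)


def generate_nonce() -> str:
    """Fresh, unpredictable 128-bit nonce per request, base64url-encoded."""
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> str:
    """Header value in the form the README uses: 'strict-dynamic' plus the nonce."""
    return f"script-src 'strict-dynamic' 'nonce-{nonce}'"


def add_nonce_to_scripts(html: str, nonce: str) -> str:
    """Add nonce="..." to every <script> opening tag without one, head and body alike."""
    def patch(match: re.Match) -> str:
        attrs = match.group(1)
        if re.search(r"\bnonce\s*=", attrs, re.IGNORECASE):
            return match.group(0)  # already has a nonce; leave it untouched
        return f'<script nonce="{nonce}"{attrs}>'
    return SCRIPT_OPEN_TAG.sub(patch, html)


def serve(html: str):
    """Simulate the request filter: one nonce per request, header plus rewritten body."""
    nonce = generate_nonce()
    headers = {"Content-Security-Policy": csp_header(nonce)}
    return headers, add_nonce_to_scripts(html, nonce)


if __name__ == "__main__":
    hdrs, body = serve(SAMPLE_HTML)
    print(hdrs["Content-Security-Policy"])
    print(body)
```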