Questions tagged [content-security-policy]

24 questions
0 votes, 2 answers

Prevent Unjoined-to-domain computers from connecting to my network

How to prevent any computer that is not joined to the domain from requesting any service from my network? Considering that the computer is on another network.
0 votes, 1 answer

CSP response header causes Firefox to abort loading of website

Only in Firefox (recent and legacy) a website of mine is answered with a status code 200 but Firefox simply aborts without any error message. The server logs also show no issue. By going through the settings I pinned it down to the CSP header. Does…
mikeg
0 votes, 0 answers

nginx CSP config too big

So I have this website with just so many things in the CSP. I recently noticed if I added just one more URL to the CSP it would no longer pass the nginx configtest. My best guess was it's due to the length of the CSP header or the actual config file…
benikens
0 votes, 0 answers

Setting "Content-Security-Policy default-src https:" breaks site

I need to set the Content-Security-Policy header to allow loading scripts from any HTTPS source. When I add the following line to my nginx configuration, the look and feel of the site breaks. What am I missing? add_header Content-Security-Policy…
electrophile
0 votes, 1 answer

Possible to create policy limiting firewall rules in GCP?

Does anyone know if it's possible to create an organizational policy that would prevent the use of having a source set to 'any' for specific ports on firewall rules in GCP? For example, I want to prevent users from creating firewall rules that use…
0 votes, 1 answer

Cloudflare + Apache + CSP Headers: Old CSP headers are returned

We are using apache2 on our server, which is behind Cloudflare (free plan). I am currently implementing Google's reCAPTCHA, which requires me to make changes to our CSP headers. What I did: Change CSP in Apache Run apachectl configtest - all…
0 votes, 1 answer

How do I remove an HTTP header in Apache, if a certain IP accesses it?

How can I unset single/multiple HTTP headers when my website is accessed by a particular IP address? Because my CSP config blocks some local pages from loading properly. For example, if I have phpMyAdmin, but I cannot use it locally because CSP is…
user549144
0 votes, 0 answers

Content-Security-Policy issues

I'm running NGINX as a reverse proxy and I've set the Content-Security-Policy header and I'm running into problems with some directives. I get the following errors in the console: Unrecognized Content-Security-Policy directive…
Sven Cazier
0 votes, 0 answers

Why doesn't nginx proxy_hide_headers directive work in this case?

I have an nginx server block like this, and I am trying to use the proxy_hide_header directive to hide the Content-Security-Policy response header from the proxied server because I am not running an SSL server in a local environment and so the…
jonseymour