Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

False positive? #10

Open
Instantdr opened this issue Sep 7, 2023 · 0 comments
Open

False positive? #10

Instantdr opened this issue Sep 7, 2023 · 0 comments

Comments

@Instantdr
Copy link

Hi, I’ve noticed that the CSP auditor from the BApp Store assumes an implicit 'default-src' directive even if there is none specify in the policy. As an example, the following CSP policy is configured with just one directive which is weak.

Content-Security-Policy: frame-ancestors https://corpnet.com/ https://*.corpnet.com;

Should this be flagged as a weak CSP policy, rather than no issue?

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant