Hi, I’ve noticed that the CSP auditor from the BApp Store assumes an implicit 'default-src' directive even if there is none specified in the policy. As an example, the following CSP policy is configured with just one directive which is weak.
Content-Security-Policy: frame-ancestors https://corpnet.com/ https://*.corpnet.com;
Should this be flagged as a weak CSP policy, rather than no issue?
Thanks
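The policy in the report above, run through a small directive resolver. This is an added example, not part of the original report and not the CSP Auditor's code; it shows which directives a header value leaves with no restriction at all when `default-src` is absent. The function names and the `WITH_DEFAULT` comparison policy are constructed for illustration, and sub-directives such as `script-src-elem` are not modelled.

```python
# Fetch directives and the directives they fall back to before default-src.
FETCH_FALLBACKS = {
    "script-src": (), "style-src": (), "img-src": (), "connect-src": (),
    "font-src": (), "object-src": (), "media-src": (), "manifest-src": (),
    "frame-src": ("child-src",),
    "worker-src": ("child-src", "script-src"),
}
# Directives that never inherit from default-src.
NO_FALLBACK = ("frame-ancestors", "form-action", "base-uri")


def parse_csp(header_value):
    """Split a policy into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:  # later duplicates are ignored by browsers
            policy[name] = tokens[1:]
    return policy


def effective_sources(policy):
    """Map each directive to its source list, or None if unrestricted."""
    result = {name: policy.get(name) for name in NO_FALLBACK}
    for name, chain in FETCH_FALLBACKS.items():
        candidates = (name, *chain, "default-src")
        hit = next((c for c in candidates if c in policy), None)
        result[name] = policy[hit] if hit else None
    return result


def unrestricted(header_value):
    """Return the directives the policy leaves without any restriction."""
    eff = effective_sources(parse_csp(header_value))
    return sorted(name for name, srcs in eff.items() if srcs is None)


# The header value from the report above.
REPORTED = "frame-ancestors https://corpnet.com/ https://*.corpnet.com;"
# Constructed comparison policy, not from the report.
WITH_DEFAULT = "default-src 'self'; " + REPORTED

if __name__ == "__main__":
    print("reported policy leaves open:", unrestricted(REPORTED))
    print("with default-src 'self':   ", unrestricted(WITH_DEFAULT))
```
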