Doesn't report on a CSP policy not being implemented #4

Open
Simon-Davies opened this issue Mar 26, 2019 · 1 comment

Comments


Simon-Davies commented Mar 26, 2019

Is it possible to add an issue into the findings when a CSP policy is not implemented? I could modify the extension myself, but I think it should be added to the approved version in the BApp Store.

@Simon-Davies Simon-Davies changed the title Doesn't report on no CSP policy being in place Doesn't report a CSP policy not being implemented Mar 26, 2019
@Simon-Davies Simon-Davies changed the title Doesn't report a CSP policy not being implemented Doesn't report on a CSP policy not being implemented Mar 26, 2019

h3xstream (Contributor) commented Oct 27, 2021

Why I was hesitant

I was not a big fan of seeing the missing header as a weakness. It should be seen as defense in depth. It has the potential to pollute the Burp scanning results (not totally, since the issues are grouped).
But it makes sense if the CSP is applied in some locations of the website. It should be enabled everywhere.

2021 update

Burp built-in rules now advertise missing CSP header.
[screenshot: burp_scanner]
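The distinction drawn in the comment above (a missing CSP header everywhere is defense-in-depth noise, while CSP enforced on some pages but not others is worth a finding) can be turned into a simple passive check. The following is an added example written for this issue, not code from the extension or from Burp; the responses, hosts and severity labels are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample responses (url, status, headers); not real scan data.
SAMPLE_RESPONSES = [
    ("https://app.example.test/", 200,
     {"Content-Type": "text/html", "Content-Security-Policy": "default-src 'self'"}),
    ("https://app.example.test/login", 200, {"Content-Type": "text/html"}),
    ("https://app.example.test/static/app.js", 200,
     {"Content-Type": "application/javascript"}),
    ("https://app.example.test/report", 200,
     {"Content-Type": "text/html",
      "Content-Security-Policy-Report-Only": "default-src 'self'"}),
    ("https://other.example.test/", 200, {"Content-Type": "text/html"}),
]


def csp_state(headers):
    """Classify one response: 'enforced', 'report-only' or 'none'.
    Header names are matched case-insensitively; Report-Only is not enforcement."""
    lower = {k.lower(): v for k, v in headers.items()}
    if "content-security-policy" in lower:
        return "enforced"
    if "content-security-policy-report-only" in lower:
        return "report-only"
    return "none"


def is_html(headers):
    """Only HTML documents are in scope; scripts, images etc. do not need CSP."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    return ctype.split(";")[0].strip().lower() == "text/html"


def audit(responses):
    """Group HTML responses by host and emit findings as (severity, title, target, state).
    A host enforcing CSP on some pages but not others gets one 'Inconsistent CSP
    coverage' finding per unprotected page; a host with no enforced CSP anywhere
    gets a single low-severity 'Missing CSP header' finding to keep results grouped."""
    by_host = defaultdict(list)
    for url, _status, headers in responses:
        if is_html(headers):
            by_host[urlparse(url).hostname].append((url, csp_state(headers)))
    findings = []
    for host, pages in sorted(by_host.items()):
        if any(state == "enforced" for _, state in pages):
            for url, state in pages:
                if state != "enforced":
                    findings.append(("Medium", "Inconsistent CSP coverage", url, state))
        else:
            findings.append(("Low", "Missing CSP header", host, "none"))
    return findings
```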
