Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

recommend setting base-uri to 'none' (ideally), 'self' or at least a specific domain (rarely needed) in Content Security Policy #525

Closed
thestinger opened this issue Mar 23, 2021 · 2 comments · Fixed by #809
Closed

recommend setting base-uri to 'none' (ideally), 'self' or at least a specific domain (rarely needed) in Content Security Policy #525

thestinger opened this issue Mar 23, 2021 · 2 comments · Fixed by #809
Assignees
@mxsasha @baknu
Labels
content enhancement
Milestone
v1.7

Comments

@thestinger
Copy link

This controls the base URI set by the <base> feature. As far as I know, that's rarely used or at least is contained within the same origin. Nearly every site should be able to set this to none to get rid of the attack surface.
@baknu
Copy link
Contributor

baknu commented May 4, 2021

See also: #325 (comment)

@baknu baknu added this to the v1.5 milestone May 4, 2021
@baknu baknu modified the milestones: v1.5, v1.6 Nov 12, 2021
@mxsasha mxsasha self-assigned this Oct 20, 2022
mxsasha added a commit that referenced this issue Nov 17, 2022
@mxsasha
Fix #525 - Add requirement for base-uri in CSP check
05841fe
mxsasha added a commit that referenced this issue Nov 17, 2022
@mxsasha
Ref #525 - Cleanup test data repetition in CSP
40ad633
@mxsasha mxsasha linked a pull request Nov 17, 2022 that will close this issue
Fix #525, fix #524 - Add form-action and base-uri requirement to CSP #809
Merged
mxsasha added a commit that referenced this issue Jan 9, 2023
@mxsasha
Fix #525 - Add requirement for base-uri in CSP check
b0dffb1
mxsasha added a commit that referenced this issue Jan 9, 2023
@mxsasha
Ref #525 - Cleanup test data repetition in CSP
1902c1d
mxsasha added a commit that referenced this issue Jan 9, 2023
@mxsasha
Fix #525 - Add requirement for base-uri in CSP check
70f3951
mxsasha added a commit that referenced this issue Jan 9, 2023
@mxsasha
Ref #525 - Cleanup test data repetition in CSP
ef9a4a7
@mxsasha mxsasha mentioned this issue Jan 9, 2023
Merged
@baknu baknu mentioned this issue Mar 7, 2023
Closed
mxsasha added a commit that referenced this issue Mar 8, 2023
@mxsasha
Fix #525 - Add requirement for base-uri in CSP check
664475c
mxsasha added a commit that referenced this issue Mar 8, 2023
@mxsasha
Ref #525 - Cleanup test data repetition in CSP
78cc2ac
@mxsasha mxsasha closed this as completed in f5fcc99 Mar 8, 2023
@baknu baknu self-assigned this Mar 15, 2023
@baknu baknu mentioned this issue Mar 16, 2023
Closed
@baknu
Copy link
Contributor

baknu commented Mar 20, 2023

CSP

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mxsasha mxsasha

@baknu baknu

Labels
content enhancement
Milestone
v1.7
Development

Successfully merging a pull request may close this issue.

Fix #525, fix #524 - Add form-action and base-uri requirement to CSP internetstandards/Internet.nl
3 participants
@mxsasha @thestinger @baknu