- Issue created by @greggles
SVG files are risky. CSP can help mitigate those risks. There's work to add a CSP header in #2868079: Add a default Content-Security-Policy-header for svg files β . This module is a great place to check if there is such a header.
Add a check for CSP header.
I'm not sure if this is a new check or possible in the existing headers to check check.
tbd.
tbd.
Active
3.1
Code