Check for CSP on private and public SVG files

Created on 19 December 2024, 3 days ago

Problem/Motivation

SVG files are risky. CSP can help mitigate those risks. There's work to add a CSP header in #2868079: Add a default Content-Security-Policy-header for svg files. This module is a great place to check if there is such a header.

Proposed resolution

Add a check for CSP header.

Remaining tasks

User interface changes

I'm not sure if this is a new check or possible in the existing headers to check check.

API changes

tbd.

Data model changes

tbd.

✨ Feature request
Status

Active

Version

3.1

Component

Code

Created by

🇺🇸 United States greggles Denver, Colorado, USA
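
A sketch of what such a check could evaluate, given the response headers of a public or private SVG file. This is an added example, not code from the module or from the issue author. The function names, the sample responses and the pass criterion (the policy must block script execution) are assumptions, since the issue does not yet say what the check should require.

```python
SVG_MIME = "image/svg+xml"

def parse_csp(value):
    """Split a CSP header value into {directive: [token, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Directive names are case-insensitive; a repeated directive is ignored.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def blocks_scripts(policy):
    """True if the policy prevents script execution in the SVG document."""
    if "sandbox" in policy and "allow-scripts" not in [t.lower() for t in policy["sandbox"]]:
        return True
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    return sources is not None and [s.lower() for s in sources] == ["'none'"]

def check_svg_csp(headers):
    """Return (status, reason) for one response's headers, given as a dict."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("content-type", "").split(";")[0].strip().lower() != SVG_MIME:
        return ("skip", "not served as SVG")
    csp = h.get("content-security-policy")
    if csp is None:
        if "content-security-policy-report-only" in h:
            return ("fail", "CSP is report-only, not enforced")
        return ("fail", "no Content-Security-Policy header")
    if blocks_scripts(parse_csp(csp)):
        return ("pass", "CSP blocks script execution")
    return ("warn", "CSP present but script execution is not fully blocked")

# Constructed sample responses (assumptions, not captured from a real site).
SAMPLES = {
    "public, no header": {"Content-Type": "image/svg+xml"},
    "private, sandboxed": {"Content-Type": "image/svg+xml; charset=utf-8",
                           "Content-Security-Policy": "default-src 'none'; sandbox"},
    "public, permissive": {"Content-Type": "image/svg+xml",
                           "Content-Security-Policy": "default-src 'self'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", check_svg_csp(hdrs))
```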
