Skip to content

05_MM_MY #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MathisMontegnies wants to merge 20 commits into
base: main
Choose a base branch
from
Open

05_MM_MY #24

MathisMontegnies wants to merge 20 commits into from

Conversation

@MathisMontegnies
Copy link

@MathisMontegnies MathisMontegnies commented Feb 15, 2023

CSP

imm8 and others added 20 commits February 9, 2023 00:51
@imm8
Enabled CSP with Meta
6cb28a2 
The rules enforced allow script, image, plus style resources to be loaded from the same origin, and Websocket connection to be established similarly.
@imm8
Update CSP rules
a5760f7 
Modified to permit inline styles to be inserted on the page and fonts to be fetched from the same origin.
@imm8
Merge pull request #1 from imm8/csp_patch_part_1_meta
1cd0f06 
Part 1: Meta
@imm8
Disabled CSP in Meta
39da63a 
To permit the Content-Security-Policy header sent by the server to be taken into consideration.
@imm8
Enabled CSP Config
5ac04e3 
The correct rules are now automatically served from the server upon receiving an HTTP request.
@imm8
Merge pull request #2 from imm8/csp_patch_part_1_spring
0555be7 
Part 2: Server-side CSP
@imm8
Inserted an Inline script
03d7cf5 
The added script appends an HTML formatted message to the page.
@imm8
Enable Reporting sample
159d11e 
Get verbose information about blocked scripts and later whitelist them.
@imm8
Enable Strict CSP
862502d 
It whitelists a single SHA256 hash for the scripts that invokes document.write().
@imm8
Merge pull request #3 from imm8/csp_patch_part_1_csp3
f8791f2 
Part 3: CSP3
@MathisMontegnies
Fixed dependencies
22b1774 
Timed annotation seems to be missing, a dependency for metrics-annotation has been added.
@MathisMontegnies
Implemented CSPResource class
0179556
@MathisMontegnies
Implemented CSP class
87315d8
@MathisMontegnies
Created CSPConfig class
6d538b2 
A class that acquires the random CSP nonce from the server using the API.
@MathisMontegnies
Loosened type for data
02d220e 
To remove Typescript errors, data is now of type any with no further checks.
@MathisMontegnies
Referenced CspConfig
40b4451 
Now it's one of the providers and dependency injection can be used afterwards.
@MathisMontegnies
Created AppComponent constructor
2277661 
Now it makes use of the CspConfig service and displays the CSP nonce on the debug console.
@imm8
Fixed CSPResource class
58389fb 
Removed an additional closing bracket.
@imm8
Merge pull request #4 from imm8/csp_patch_part_2_server
f6cc778 
Part 1: Server-side
@imm8
Merge pull request #5 from imm8/csp_patch_part_2_client
9bad16f 
Part 2: Client-side
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MathisMontegnies @imm8