This repository has been archived by the owner on Nov 24, 2022. It is now read-only.

Validation of CSP #28

Open
bfg1981 opened this issue Mar 14, 2021 · 2 comments

Comments

@bfg1981
Contributor

bfg1981 commented Mar 14, 2021

I had a server with an invalid CSP header. I got a lot of strange errors until I figured out the main culprit. It would be beneficial to make sure that the values checked are actually syntactically correct, before checking them for privacy/security. This probably applies to other values as well.

@andersju
Owner

Agreed. I'm already planning to move most analysis stuff to the JS "backend" part. This should make it easier to add validation because it looks like there are a bunch of CSP validation/parsing things in the Node.js world. (Our current code is an Elixir reimplementation of the CSP stuff from https://github.com/mozilla/http-observatory, whose future seems uncertain because the author left Mozilla several months ago and nobody has done anything since.)

@bfg1981
Contributor Author

bfg1981 commented Mar 16, 2021

I had a look at the code, but decided that I didn't want to learn Elixir. I'm already working on some Puppeteer stuff, so if you move to Node, I'll probably be able to do some patching on my own.
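
The syntax-first check requested in this issue, sketched for Node.js as an added example; it is not code from this repository, from http-observatory, or from either participant. The function name `validateCsp` and the message strings are hypothetical. It follows the serialized-policy grammar of CSP Level 3 and additionally flags unquoted keywords, which the grammar accepts but browsers read as hostnames.

```javascript
// Added example: syntax-only lint for a Content-Security-Policy header value,
// run before any security/privacy scoring. Names here are hypothetical.
const KEYWORDS = ['self', 'none', 'unsafe-inline', 'unsafe-eval',
  'strict-dynamic', 'unsafe-hashes', 'report-sample', 'wasm-unsafe-eval'];
// Directives whose value is a source list (fetch directives plus three others).
const SOURCE_LIST = /(-src(-elem|-attr)?|^base-uri|^form-action|^frame-ancestors)$/;

function validateCsp(headerValue) {
  const problems = [];
  const directives = new Map();
  for (const raw of headerValue.split(';')) {
    // Split on ASCII whitespace only, as the spec's parsing algorithm does.
    const tokens = raw.split(/[\t\n\f\r ]+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty directives are skipped
    const name = tokens[0].toLowerCase();
    const values = tokens.slice(1);
    if (!/^[a-z0-9-]+$/.test(name)) {
      problems.push(`invalid directive name: ${tokens[0]}`);
      continue;
    }
    if (directives.has(name)) {
      // The spec keeps the first occurrence and ignores later ones.
      problems.push(`duplicate directive ignored: ${name}`);
      continue;
    }
    for (const v of values) {
      if (!/^[\x21-\x2b\x2d-\x3a\x3c-\x7e]+$/.test(v)) {
        // directive-value allows visible ASCII except ';' and ','
        problems.push(`invalid character in ${name}: ${v}`);
      } else if (v === "'" || v.startsWith("'") !== v.endsWith("'")) {
        problems.push(`unbalanced quote in ${name}: ${v}`);
      } else if (SOURCE_LIST.test(name) && KEYWORDS.includes(v.toLowerCase())) {
        problems.push(`unquoted keyword in ${name} is read as a hostname: ${v}`);
      } else if (SOURCE_LIST.test(name) && /^(nonce|sha(256|384|512))-/i.test(v)) {
        problems.push(`nonce/hash source in ${name} needs single quotes: ${v}`);
      }
    }
    directives.set(name, values);
  }
  return { valid: problems.length === 0, problems, directives };
}

// Constructed sample header with four distinct syntax mistakes.
const sample = "default-src self; script-src 'unsafe-inline, https://cdn.example; " +
  "default-src 'none'; img_src *";
console.log(validateCsp(sample).problems.join('\n'));
```

Only policies for which `valid` is true would be passed on to the security/privacy analysis; the rest can be reported as malformed instead of producing misleading findings.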
