Explore >> Select a destination
|
You are here 
|
zacbrown.org | ||
| | | | |
ole.michelsen.dk
|
|
| | | | | Protect your website against cross-site scripting (XSS) with a content security policy (CSP) with a custom header in Apache, nginx or IIS. | |
| | | | |
blog.freeradical.zone
|
|
| | | | | I'm serving Free Radical's images etc. from S3. When I updated to Mastodon v2.1.0, I noticed that all the page's images were missing. Safari's Show JavaScript Console menu revealed a lot of errors like: [Error] Refused to load https://s3-us-west-2.amazonaws.com/freeradical-system/accounts/avatars/000/014/309/static/91f9782fad3f6284.png because it does not appear in the img-src directive of the Content Security Policy. Turns out that some time between the releases of v2.0.0 and v2.1.0, the Mastodon switch... | |
| | | | |
www.ayush.nz
|
|
| | | | | HTTP security headers: Content-Security-Policy | |
| | | | |
www.cloudwithchris.com
|
|
| | | In my blog post earlier this week, I mentioned that I recently spoke at the Northern Azure User Group. The other speaker for the evening was Scott Hanselman, who talked about his journey moving a 17 year old .NET App into Azure. This was his blog. Along the way, he called out some of the tools that he used along the way. One was a tool called securityheaders.com. As any engaged listener does, I took note of the tools that he used, and added them to my cloudwithchris.com backlog during the talk. When I later investigated the initial rating of the site, I received a score of an F - which appears to be the lowest possible score that you can receive! Given that I only allow HTTPS traffic to my site, I was surprised by this - so I begun looking into the recommendations further. | ||
