Strict Content Security Policy

[dillonstreator]

To enhance the security of the platform, I propose implementing a strict Content Security Policy (CSP). A well-defined CSP helps mitigate various types of attacks, such as cross-site scripting (XSS) and data injection attacks, by restricting the sources from which resources can be loaded.

Request:

• Define a CSP that includes strict rules for resource sources.
• Minimize unsafe-inline and unsafe-eval directives, as these can weaken CSP’s effectiveness.
• Specify trusted domains for loading scripts, styles, images, and other resources.
• Implement a reporting mechanism to log any policy violations.

Thank you for considering this request to improve the platform’s security posture. Let me know if I can provide additional details. Csper has a free tool for helping to generate the CSP.

[github-actions]

Hello @dillonstreator, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

[pglombardo]

Thanks @dillonstreator - good point! I'll see if I can add this soon. I'll post back here once I have something.