Show Navigation

Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

Eliot: unleashed (eliotberriot@mastodon.eliotberriot.com)'s status on Wednesday, 10-Jul-2019 09:30:48 EDT Eliot: unleashed

If you have some knowledge in web security and Content Security Policy, would you mind having a look at https://dev.funkwhale.audio/funkwhale/funkwhale/merge_requests/826 ?
This is an attempt to harden the security of the web UI via a CSP (and some additional HTTP headers) and to reduce the attack surface in case of exploits.
#security #funkwhale #helpwanted
In conversation Wednesday, 10-Jul-2019 09:30:48 EDT from mastodon.eliotberriot.com permalink
Attachments
1. File without filename could not get a thumbnail source.
  
  Resolve "Improve the security via HTTP headers" (!826) · Merge Requests · funkwhale / funkwhale
  
  from GitLab
  
  Closes #880 The two first commits are not directly related, but were needed to test production-like CSP headers in development. - [x] Removed calls to `eval()` in javascript code (needed...

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.