Jonkman Microblog

Conversation

Notices

  1. Eliot: unleashed (eliotberriot@mastodon.eliotberriot.com)'s status on Wednesday, 10-Jul-2019 09:30:48 EDT

    If you have some knowledge in web security and Content Security Policy, would you mind having a look at https://dev.funkwhale.audio/funkwhale/funkwhale/merge_requests/826 ?

    This is an attempt to harden the security of the web UI via a CSP (and some additional HTTP headers) and to reduce the attack surface in case of exploits.

    #security #funkwhale #helpwanted

    In conversation Wednesday, 10-Jul-2019 09:30:48 EDT from mastodon.eliotberriot.com permalink

    Attachments

    1. Resolve "Improve the security via HTTP headers" (!826) · Merge Requests · funkwhale / funkwhale
      from GitLab
      Closes #880 The two first commits are not directly related, but were needed to test production-like CSP headers in development. - [x] Removed calls to `eval()` in javascript code (needed...

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
