CSP policies should use "default-src 'none'"

Bug #1380488 reported by François Marier
Affects: Libravatar (obsolete)
Status: Fix Released
Importance: Medium
Assigned to: François Marier

Bug Description

As suggested in the CSP Level 2 spec (http://www.w3.org/TR/CSP11/#default-src-usage), we should use a "default-src 'none'" directive to disable all of the features we don't currently use (e.g. object-src, font-src and media-src).
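To see why the missing fallback matters, the following added example (not Libravatar project code) parses a CSP header value and reports which CSP Level 2 fetch directives end up with no restriction at all because neither they nor default-src were set; the sample policies are constructed here and are not Libravatar's actual header.

```python
"""Find CSP fetch directives left unrestricted by a missing default-src.

Added example, not code from the Libravatar project. Directive names and the
fallback rule (an absent fetch directive inherits default-src; if default-src
is also absent, the resource type is unrestricted) follow CSP Level 2.
"""

# Fetch directives that fall back to default-src when they are not listed.
FALLBACK_DIRECTIVES = (
    "script-src", "style-src", "img-src", "connect-src",
    "font-src", "object-src", "media-src", "child-src",
)


def parse_csp(header: str) -> dict:
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for token in header.split(";"):
        parts = token.split()
        if not parts:
            continue
        name, *sources = parts
        # Per spec, a duplicated directive name keeps its first occurrence.
        policy.setdefault(name.lower(), sources)
    return policy


def effective_policy(header: str) -> dict:
    """Resolve each fetch directive to its effective source list.

    A value of None means the browser applies no restriction to that type.
    """
    policy = parse_csp(header)
    default = policy.get("default-src")
    return {
        d: policy[d] if d in policy else default
        for d in FALLBACK_DIRECTIVES
    }


def unrestricted_directives(header: str) -> list:
    """Return the fetch directives that are completely unrestricted."""
    return sorted(d for d, v in effective_policy(header).items() if v is None)


# Constructed sample policies (not Libravatar's real header).
WEAK_CSP = "script-src 'self'; style-src 'self'; img-src 'self' https:"
HARDENED_CSP = "default-src 'none'; " + WEAK_CSP

if __name__ == "__main__":
    print("weak, unrestricted:    ", unrestricted_directives(WEAK_CSP))
    print("hardened, unrestricted:", unrestricted_directives(HARDENED_CSP))
```

With the weak policy, object-src, font-src, media-src, connect-src and child-src are all wide open; prefixing default-src 'none' closes every one of them while leaving the explicitly listed directives unchanged.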

Tags: csp
description: updated
Changed in libravatar:
status: Confirmed → Fix Committed
Changed in libravatar:
status: Fix Committed → Fix Released
