Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-11119

Set a Content-Security-Policy header on account/admin related forms

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2020-09-21
    • Component/s: None
    • Labels:
      None

      Description

      https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

      This can help prevent XSS/click-jacking on forms that are intended to be secure. For example, we can block all scripts from running on the change-password form unless they specifically come from musicbrainz.org or staticbrainz.org. (This header may interfere with userscripts on editing forms, so I'd leave it unset there.)

        Attachments

          Issue Links

          is a dependency of

          Improvement - An improvement or enhancement to an existing feature or task. MBS-11058 Tighten security of OAuth service

          • Normal - Loss of function, or other unwanted behavior.
          • Closed

            Activity

              People

              Assignee:
              bitmap Michael Wiencek
              Reporter:
              bitmap Michael Wiencek
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  2020-09-21