Details
- Type: Improvement
- Status: Closed
- Priority: Normal
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: 2020-09-21
- Component/s: None
- Labels: None
Description
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
This can help prevent XSS/click-jacking on forms that are intended to be secure. For example, we can block all scripts from running on the change-password form unless they specifically come from musicbrainz.org or staticbrainz.org. (This header may interfere with userscripts on editing forms, so I'd leave it unset there.)
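
An added illustration of the per-form policy described above (not part of the ticket and not MusicBrainz Server code): a WSGI middleware that sends a Content-Security-Policy header only on designated secure forms and leaves every other page, editing forms included, without one. The route prefix, the `frame-ancestors 'none'` choice and all function names are assumptions.

```python
# Added example: per-route Content-Security-Policy. Not MusicBrainz Server code.
# Hypothetical route prefix for a secure form; editing forms are deliberately absent.
SECURE_FORM_PREFIXES = ("/account/change-password",)
# Script origins named in the ticket.
ALLOWED_SCRIPT_HOSTS = ("musicbrainz.org", "staticbrainz.org")


def build_csp():
    """Policy for secure forms: scripts only from the allowed hosts, no framing."""
    directives = {
        "script-src": ALLOWED_SCRIPT_HOSTS,   # anti-XSS: inline and foreign scripts blocked
        "frame-ancestors": ("'none'",),      # anti-clickjacking (assumed value)
    }
    return "; ".join(f"{name} {' '.join(vals)}" for name, vals in directives.items())


def csp_for_path(path):
    """Return the header value for secure forms, or None to leave the header unset."""
    for prefix in SECURE_FORM_PREFIXES:
        # Match whole path segments so "/account/change-password-x" is not covered.
        if path == prefix or path.startswith(prefix + "/"):
            return build_csp()
    return None


class CSPMiddleware:
    """Adds the header on secure forms and leaves other responses untouched."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        policy = csp_for_path(environ.get("PATH_INFO", ""))

        def patched_start(status, headers, exc_info=None):
            if policy is not None:
                # Replace any weaker policy set further down the stack.
                headers = [(k, v) for k, v in headers
                           if k.lower() != "content-security-policy"]
                headers.append(("Content-Security-Policy", policy))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)


def demo_headers(path):
    """Send a constructed request through the middleware; return response headers."""
    captured = {}
    inner = lambda env, start: (start("200 OK", [("Content-Type", "text/html")]), [b""])[1]
    CSPMiddleware(inner)({"PATH_INFO": path}, lambda s, h, e=None: captured.update(h))
    return captured
```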
Issue Links
- is a dependency of: MBS-11058 Tighten security of OAuth service (Closed)