MusicBrainz Server
MBS-11119

Set a Content-Security-Policy header on account/admin related forms


Details

• Type: Improvement
• Status: Closed
• Priority: Normal
• Resolution: Fixed
• Affects Version/s: None
• Fix Version/s: 2020-09-21
• Component/s: None
• Labels: None

Description

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

This can help prevent XSS/click-jacking on forms that are intended to be secure. For example, we can block all scripts from running on the change-password form unless they specifically come from musicbrainz.org or staticbrainz.org. (This header may interfere with userscripts on editing forms, so I'd leave it unset there.)
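An added example, not MusicBrainz Server code (and in Python rather than the project's Perl), of the idea in the description: attach a policy only on account/admin routes, leave editing routes alone, and evaluate what `script-src` lets run. The header value, the route prefixes and the simplified source matching are assumptions; the ticket itself only names the two allowed hosts.

```python
"""Per-route CSP for account/admin forms plus a simplified script-src check.
Added example; the header value and route prefixes are assumptions, not the
policy MusicBrainz actually shipped."""
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Assumed policy: scripts only from the page origin and the two hosts named in
# the ticket; frame-ancestors 'none' covers the clickjacking half of the concern.
ACCOUNT_CSP = (
    "default-src 'self'; "
    "script-src 'self' https://musicbrainz.org https://staticbrainz.org; "
    "frame-ancestors 'none'"
)

# Assumed prefixes: the header is set on account/admin forms and deliberately
# left unset elsewhere so userscripts on editing forms keep working.
PROTECTED_PREFIXES = ("/account/", "/admin/")


def csp_for_path(path: str) -> Optional[str]:
    """Return the header value for a request path, or None where it stays unset."""
    return ACCOUNT_CSP if path.startswith(PROTECTED_PREFIXES) else None


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split 'directive src src; directive ...' into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0]] = parts[1:]
    return policy


def script_allowed(header: str, page_origin: str, script_url: Optional[str]) -> bool:
    """Decide whether a script may run under the policy.

    script_url=None stands for an inline <script>, which is blocked unless the
    policy carries 'unsafe-inline'. Host matching is simplified: a source
    expression must be 'self' or an exact scheme://host, no wildcards or ports.
    """
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src", []))
    if script_url is None:
        return "'unsafe-inline'" in sources
    parts = urlsplit(script_url)
    origin = f"{parts.scheme}://{parts.netloc}"
    for src in sources:
        if src == "'self'" and origin == page_origin:
            return True
        if src.startswith(("http://", "https://")) and src == origin:
            return True
    return False
```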


People

Assignee: bitmap (Michael Wiencek)
Reporter: bitmap (Michael Wiencek)


Packages

Version Package: 2020-09-21