Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / w3c/webappsec-csp issues and pull requests
#582 - Use "least restrictive" directive instead of `prefetch-src`
Pull Request -
State: closed - Opened by noamr over 1 year ago
- 8 comments
#581 - Remove initialization hook
Issue -
State: open - Opened by antosart over 1 year ago
#581 - Remove initialization hook
Issue -
State: open - Opened by antosart over 1 year ago
#580 - Fix references to html after navigation and session history rewrite
Pull Request -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#580 - Fix references to html after navigation and session history rewrite
Pull Request -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#579 - Should we replace browsing contexts with navigables?
Issue -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#579 - Should we replace browsing contexts with navigables?
Issue -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#578 - Fix for each iterations referring to infra
Pull Request -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#577 - Directive's value is a set
Issue -
State: closed - Opened by annevk over 1 year ago
#577 - Directive's value is a set
Issue -
State: closed - Opened by annevk over 1 year ago
#576 - Broken references in Content Security Policy Level 3
Issue -
State: closed - Opened by dontcallmedom-bot over 1 year ago
- 1 comment
#576 - Broken references in Content Security Policy Level 3
Issue -
State: closed - Opened by dontcallmedom-bot over 1 year ago
- 1 comment
#575 - `'report-hash'`: Adding hashes of blocked content to violation reports
Issue -
State: open - Opened by arturjanc over 1 year ago
- 5 comments
#574 - Enable CSP3 `'unsafe-hashes'` for script `src` attributes
Issue -
State: open - Opened by arturjanc over 1 year ago
- 4 comments
#574 - Enable CSP3 `'unsafe-hashes'` for script `src` attributes
Issue -
State: open - Opened by arturjanc over 1 year ago
- 4 comments
#573 - CSS and JSON module scripts
Issue -
State: closed - Opened by annevk over 1 year ago
#573 - CSS and JSON module scripts
Issue -
State: closed - Opened by annevk over 1 year ago
#572 - Fix references to other specs
Pull Request -
State: closed - Opened by antosart over 1 year ago
#572 - Fix references to other specs
Pull Request -
State: closed - Opened by antosart over 1 year ago
#571 - Broken references in Content Security Policy Level 3
Issue -
State: closed - Opened by dontcallmedom-bot over 1 year ago
#570 - How to block javascript injection in app webview.
Issue -
State: closed - Opened by lufengd3 over 1 year ago
- 4 comments
#570 - How to block javascript injection in app webview.
Issue -
State: closed - Opened by lufengd3 over 1 year ago
- 4 comments
#569 - Fix validation of CSS markup
Pull Request -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#569 - Fix validation of CSS markup
Pull Request -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#568 - Define securitypolicyviolation event
Pull Request -
State: closed - Opened by tidoust over 1 year ago
- 6 comments
#568 - Define securitypolicyviolation event
Pull Request -
State: closed - Opened by tidoust over 1 year ago
- 6 comments
#567 - Add support for the webidentity destination
Pull Request -
State: closed - Opened by cbiesinger almost 2 years ago
- 4 comments
#566 - Fix link to updated reporting interface
Pull Request -
State: closed - Opened by antosart almost 2 years ago
#566 - Fix link to updated reporting interface
Pull Request -
State: closed - Opened by antosart almost 2 years ago
#565 - Link to updated reporting interface
Issue -
State: closed - Opened by jyasskin almost 2 years ago
#565 - Link to updated reporting interface
Issue -
State: closed - Opened by jyasskin almost 2 years ago
#564 - Remove `navigate-to`.
Pull Request -
State: closed - Opened by mikewest almost 2 years ago
- 11 comments
#563 - The editor's draft includes several features that no one has shipped.
Issue -
State: open - Opened by mikewest almost 2 years ago
- 13 comments
#563 - The editor's draft includes several features that no one has shipped.
Issue -
State: open - Opened by mikewest almost 2 years ago
- 13 comments
#557 - Update broken Wasm links
Pull Request -
State: closed - Opened by dotproto almost 2 years ago
- 2 comments
#557 - Update broken Wasm links
Pull Request -
State: closed - Opened by dotproto almost 2 years ago
- 2 comments
#555 - Return correct effective directive for worklets
Pull Request -
State: closed - Opened by antosart almost 2 years ago
- 1 comment
#555 - Return correct effective directive for worklets
Pull Request -
State: closed - Opened by antosart almost 2 years ago
- 1 comment
#554 - "Get the effective directive for request" should handle at least worklets
Issue -
State: closed - Opened by evilpie almost 2 years ago
- 2 comments
#554 - "Get the effective directive for request" should handle at least worklets
Issue -
State: closed - Opened by evilpie almost 2 years ago
- 2 comments
#545 - “Report a violation” can seemingly reach “fire an event at” w/ WorkletGlobalScope
Issue -
State: closed - Opened by bathos about 2 years ago
- 6 comments
#542 - Consider relaxing `prefetch-src` and preload `as`
Issue -
State: closed - Opened by noamr over 2 years ago
- 7 comments
#542 - Consider relaxing `prefetch-src` and preload `as`
Issue -
State: closed - Opened by noamr over 2 years ago
- 7 comments
#473 - Non-ASCII characters in CSP policy.
Issue -
State: closed - Opened by antosart over 3 years ago
- 9 comments
Labels: i18n-tracker
#473 - Non-ASCII characters in CSP policy.
Issue -
State: closed - Opened by antosart over 3 years ago
- 9 comments
Labels: i18n-tracker
#444 - Make user's the driver of the user-agent again: bookmarklets, userscripts
Issue -
State: closed - Opened by rektide over 3 years ago
- 10 comments
#444 - Make user's the driver of the user-agent again: bookmarklets, userscripts
Issue -
State: closed - Opened by rektide over 3 years ago
- 10 comments
#434 - Clarify/test which quote characters may be used
Issue -
State: open - Opened by foolip about 4 years ago
- 8 comments
#434 - Clarify/test which quote characters may be used
Issue -
State: open - Opened by foolip about 4 years ago
- 8 comments
#429 - connect-src: wss without schema
Issue -
State: open - Opened by axelssonHakan over 4 years ago
- 7 comments
#429 - connect-src: wss without schema
Issue -
State: open - Opened by axelssonHakan over 4 years ago
- 7 comments
#423 - Inconsistent treatment of base64url-encoded hash sources in CSP vs SRI
Issue -
State: open - Opened by bakkot over 4 years ago
- 1 comment
#423 - Inconsistent treatment of base64url-encoded hash sources in CSP vs SRI
Issue -
State: open - Opened by bakkot over 4 years ago
- 1 comment
#402 - Integration with document.open()
Issue -
State: closed - Opened by TimothyGu about 5 years ago
- 7 comments
#402 - Integration with document.open()
Issue -
State: closed - Opened by TimothyGu about 5 years ago
- 7 comments
#399 - Support 'strict-dynamic' in style-src
Issue -
State: open - Opened by arturjanc about 5 years ago
- 2 comments
#399 - Support 'strict-dynamic' in style-src
Issue -
State: open - Opened by arturjanc about 5 years ago
- 2 comments
#390 - Clarify behavior for cached favicon loads
Issue -
State: open - Opened by briansmith about 5 years ago
- 2 comments
#390 - Clarify behavior for cached favicon loads
Issue -
State: open - Opened by briansmith about 5 years ago
- 2 comments
#376 - parser_inserted flag used in 'strict-dynamic' check is not sufficient
Issue -
State: open - Opened by andypaicu over 5 years ago
- 2 comments
#376 - parser_inserted flag used in 'strict-dynamic' check is not sufficient
Issue -
State: open - Opened by andypaicu over 5 years ago
- 2 comments
#361 - CSP 3 draft does not conform to the HTTP/1.1 standard for headers
Issue -
State: closed - Opened by markushausammann over 5 years ago
- 12 comments
#361 - CSP 3 draft does not conform to the HTTP/1.1 standard for headers
Issue -
State: closed - Opened by markushausammann over 5 years ago
- 12 comments
#336 - Should Workers inherit CSP directives from the parent context?
Issue -
State: closed - Opened by bakulf almost 6 years ago
- 16 comments
#336 - Should Workers inherit CSP directives from the parent context?
Issue -
State: closed - Opened by bakulf almost 6 years ago
- 16 comments
#321 - CSP 4 Feature Request: add new 'default' keyword to compose default-src sources into other directives
Issue -
State: open - Opened by Jach almost 6 years ago
- 1 comment
#321 - CSP 4 Feature Request: add new 'default' keyword to compose default-src sources into other directives
Issue -
State: open - Opened by Jach almost 6 years ago
- 1 comment
#277 - Allow CSP-Report-Only in meta tags.
Issue -
State: open - Opened by ScottHelme over 6 years ago
- 27 comments
#277 - Allow CSP-Report-Only in meta tags.
Issue -
State: open - Opened by ScottHelme over 6 years ago
- 25 comments
#256 - Add way to define all country code top-level domain.
Issue -
State: open - Opened by AndrewStoyan over 6 years ago
- 23 comments
#227 - Introduce rate limiting for violation reports (report-uri and report-to)
Issue -
State: closed - Opened by danmx almost 7 years ago
- 6 comments
#227 - Introduce rate limiting for violation reports (report-uri and report-to)
Issue -
State: closed - Opened by danmx almost 7 years ago
- 6 comments
#199 - CSP3: Consider adding a 'clone-src' directive
Issue -
State: open - Opened by jwatt over 7 years ago
- 12 comments
#45 - Further granularity of unsafe-inline styles
Issue -
State: open - Opened by jonathanKingston over 8 years ago
- 16 comments
Labels: CORE
#45 - Further granularity of unsafe-inline styles
Issue -
State: open - Opened by jonathanKingston over 8 years ago
- 16 comments
Labels: CORE
#8 - CSP: form-action and redirects
Issue -
State: open - Opened by mikewest over 8 years ago
- 68 comments
Labels: CSP
#8 - CSP: form-action and redirects
Issue -
State: open - Opened by mikewest over 8 years ago
- 68 comments
Labels: CSP
#7 - CSP: connect-src 'self' and websockets
Issue -
State: closed - Opened by mikewest over 8 years ago
- 17 comments
Labels: CSP