Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / w3c/webappsec-csp issues and pull requests

#582 - Use "least restrictive" directive instead of `prefetch-src`

Pull Request - State: closed - Opened by noamr over 1 year ago - 8 comments

#581 - Remove initialization hook

Issue - State: open - Opened by antosart over 1 year ago

#581 - Remove initialization hook

Issue - State: open - Opened by antosart over 1 year ago

#580 - Fix references to html after navigation and session history rewrite

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments

#580 - Fix references to html after navigation and session history rewrite

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments

#579 - Should we replace browsing contexts with navigables?

Issue - State: closed - Opened by antosart over 1 year ago - 2 comments

#579 - Should we replace browsing contexts with navigables?

Issue - State: closed - Opened by antosart over 1 year ago - 2 comments

#578 - Fix for each iterations referring to infra

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments

#577 - Directive's value is a set

Issue - State: closed - Opened by annevk over 1 year ago

#577 - Directive's value is a set

Issue - State: closed - Opened by annevk over 1 year ago

#576 - Broken references in Content Security Policy Level 3

Issue - State: closed - Opened by dontcallmedom-bot over 1 year ago - 1 comment

#576 - Broken references in Content Security Policy Level 3

Issue - State: closed - Opened by dontcallmedom-bot over 1 year ago - 1 comment

#575 - `'report-hash'`: Adding hashes of blocked content to violation reports

Issue - State: open - Opened by arturjanc over 1 year ago - 5 comments

#574 - Enable CSP3 `'unsafe-hashes'` for script `src` attributes

Issue - State: open - Opened by arturjanc over 1 year ago - 4 comments

#574 - Enable CSP3 `'unsafe-hashes'` for script `src` attributes

Issue - State: open - Opened by arturjanc over 1 year ago - 4 comments

#573 - CSS and JSON module scripts

Issue - State: closed - Opened by annevk over 1 year ago

#573 - CSS and JSON module scripts

Issue - State: closed - Opened by annevk over 1 year ago

#572 - Fix references to other specs

Pull Request - State: closed - Opened by antosart over 1 year ago

#572 - Fix references to other specs

Pull Request - State: closed - Opened by antosart over 1 year ago

#570 - How to block javascript injection in app webview.

Issue - State: closed - Opened by lufengd3 over 1 year ago - 4 comments

#570 - How to block javascript injection in app webview.

Issue - State: closed - Opened by lufengd3 over 1 year ago - 4 comments

#569 - Fix validation of CSS markup

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments

#569 - Fix validation of CSS markup

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments

#568 - Define securitypolicyviolation event

Pull Request - State: closed - Opened by tidoust over 1 year ago - 6 comments

#568 - Define securitypolicyviolation event

Pull Request - State: closed - Opened by tidoust over 1 year ago - 6 comments

#567 - Add support for the webidentity destination

Pull Request - State: closed - Opened by cbiesinger almost 2 years ago - 4 comments

#566 - Fix link to updated reporting interface

Pull Request - State: closed - Opened by antosart almost 2 years ago

#566 - Fix link to updated reporting interface

Pull Request - State: closed - Opened by antosart almost 2 years ago

#565 - Link to updated reporting interface

Issue - State: closed - Opened by jyasskin almost 2 years ago

#565 - Link to updated reporting interface

Issue - State: closed - Opened by jyasskin almost 2 years ago

#564 - Remove `navigate-to`.

Pull Request - State: closed - Opened by mikewest almost 2 years ago - 11 comments

#563 - The editor's draft includes several features that no one has shipped.

Issue - State: open - Opened by mikewest almost 2 years ago - 13 comments

#563 - The editor's draft includes several features that no one has shipped.

Issue - State: open - Opened by mikewest almost 2 years ago - 13 comments

#557 - Update broken Wasm links

Pull Request - State: closed - Opened by dotproto almost 2 years ago - 2 comments

#557 - Update broken Wasm links

Pull Request - State: closed - Opened by dotproto almost 2 years ago - 2 comments

#555 - Return correct effective directive for worklets

Pull Request - State: closed - Opened by antosart almost 2 years ago - 1 comment

#555 - Return correct effective directive for worklets

Pull Request - State: closed - Opened by antosart almost 2 years ago - 1 comment

#554 - "Get the effective directive for request" should handle at least worklets

Issue - State: closed - Opened by evilpie almost 2 years ago - 2 comments

#554 - "Get the effective directive for request" should handle at least worklets

Issue - State: closed - Opened by evilpie almost 2 years ago - 2 comments

#542 - Consider relaxing `prefetch-src` and preload `as`

Issue - State: closed - Opened by noamr over 2 years ago - 7 comments

#542 - Consider relaxing `prefetch-src` and preload `as`

Issue - State: closed - Opened by noamr over 2 years ago - 7 comments

#473 - Non-ASCII characters in CSP policy.

Issue - State: closed - Opened by antosart over 3 years ago - 9 comments
Labels: i18n-tracker

#473 - Non-ASCII characters in CSP policy.

Issue - State: closed - Opened by antosart over 3 years ago - 9 comments
Labels: i18n-tracker

#444 - Make user's the driver of the user-agent again: bookmarklets, userscripts

Issue - State: closed - Opened by rektide over 3 years ago - 10 comments

#444 - Make user's the driver of the user-agent again: bookmarklets, userscripts

Issue - State: closed - Opened by rektide over 3 years ago - 10 comments

#434 - Clarify/test which quote characters may be used

Issue - State: open - Opened by foolip about 4 years ago - 8 comments

#434 - Clarify/test which quote characters may be used

Issue - State: open - Opened by foolip about 4 years ago - 8 comments

#429 - connect-src: wss without schema

Issue - State: open - Opened by axelssonHakan over 4 years ago - 7 comments

#429 - connect-src: wss without schema

Issue - State: open - Opened by axelssonHakan over 4 years ago - 7 comments

#423 - Inconsistent treatment of base64url-encoded hash sources in CSP vs SRI

Issue - State: open - Opened by bakkot over 4 years ago - 1 comment

#423 - Inconsistent treatment of base64url-encoded hash sources in CSP vs SRI

Issue - State: open - Opened by bakkot over 4 years ago - 1 comment

#402 - Integration with document.open()

Issue - State: closed - Opened by TimothyGu about 5 years ago - 7 comments

#402 - Integration with document.open()

Issue - State: closed - Opened by TimothyGu about 5 years ago - 7 comments

#399 - Support 'strict-dynamic' in style-src

Issue - State: open - Opened by arturjanc about 5 years ago - 2 comments

#399 - Support 'strict-dynamic' in style-src

Issue - State: open - Opened by arturjanc about 5 years ago - 2 comments

#390 - Clarify behavior for cached favicon loads

Issue - State: open - Opened by briansmith about 5 years ago - 2 comments

#390 - Clarify behavior for cached favicon loads

Issue - State: open - Opened by briansmith about 5 years ago - 2 comments

#376 - parser_inserted flag used in 'strict-dynamic' check is not sufficient

Issue - State: open - Opened by andypaicu over 5 years ago - 2 comments

#376 - parser_inserted flag used in 'strict-dynamic' check is not sufficient

Issue - State: open - Opened by andypaicu over 5 years ago - 2 comments

#361 - CSP 3 draft does not conform to the HTTP/1.1 standard for headers

Issue - State: closed - Opened by markushausammann over 5 years ago - 12 comments

#361 - CSP 3 draft does not conform to the HTTP/1.1 standard for headers

Issue - State: closed - Opened by markushausammann over 5 years ago - 12 comments

#336 - Should Workers inherit CSP directives from the parent context?

Issue - State: closed - Opened by bakulf almost 6 years ago - 16 comments

#336 - Should Workers inherit CSP directives from the parent context?

Issue - State: closed - Opened by bakulf almost 6 years ago - 16 comments

#277 - Allow CSP-Report-Only in meta tags.

Issue - State: open - Opened by ScottHelme over 6 years ago - 27 comments

#277 - Allow CSP-Report-Only in meta tags.

Issue - State: open - Opened by ScottHelme over 6 years ago - 25 comments

#256 - Add way to define all country code top-level domain.

Issue - State: open - Opened by AndrewStoyan over 6 years ago - 23 comments

#227 - Introduce rate limiting for violation reports (report-uri and report-to)

Issue - State: closed - Opened by danmx almost 7 years ago - 6 comments

#227 - Introduce rate limiting for violation reports (report-uri and report-to)

Issue - State: closed - Opened by danmx almost 7 years ago - 6 comments

#199 - CSP3: Consider adding a 'clone-src' directive

Issue - State: open - Opened by jwatt over 7 years ago - 12 comments

#45 - Further granularity of unsafe-inline styles

Issue - State: open - Opened by jonathanKingston over 8 years ago - 16 comments
Labels: CORE

#45 - Further granularity of unsafe-inline styles

Issue - State: open - Opened by jonathanKingston over 8 years ago - 16 comments
Labels: CORE

#8 - CSP: form-action and redirects

Issue - State: open - Opened by mikewest over 8 years ago - 68 comments
Labels: CSP

#8 - CSP: form-action and redirects

Issue - State: open - Opened by mikewest over 8 years ago - 68 comments
Labels: CSP

#7 - CSP: connect-src 'self' and websockets

Issue - State: closed - Opened by mikewest over 8 years ago - 17 comments
Labels: CSP