improve CSP compliance #257

Merged 5 commits on Oct 27, 2023

Commits on Oct 20, 2023

  1. improve CSP compliance

    - disallow setting nonces on the server via cookie
    - disallow setting nonces other than through crypto secure method
    - suppress 'check' mode
    - do not send nonce via cookie to the frontend
    vejja committed Oct 20, 2023
    b08c198

Commits on Oct 21, 2023

  1. RFC-compliant crypto

    - W3C mandates at least 128 bits of entropy
    - randomUUID only had 122
    vejja committed Oct 21, 2023
    ee366c7

Commits on Oct 26, 2023

  1. small correction to doc

    vejja committed Oct 26, 2023
    be2df08
  2. 063d6d5
  3. fix nonce test randomly failing

    vejja committed Oct 26, 2023
    97c37c1