[tor-bugs] #15968 [BridgeDB]: Add a "Content-Security-Policy" header to BridgeDB's HTTPS Distributor

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jul 25 01:18:22 UTC 2015


#15968: Add a "Content-Security-Policy" header to BridgeDB's HTTPS Distributor
-------------------------+-------------------------------------------------
     Reporter:  isis     |      Owner:  isis
         Type:           |     Status:  closed
  enhancement            |  Milestone:
     Priority:  major    |    Version:
    Component:           |   Keywords:  bridgedb-https, security,
  BridgeDB               |  bridgedb-0.3.3
   Resolution:  fixed    |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by isis):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Merged for BridgeDB 0.3.3.

 In the future, once they are more supported by browsers, we may want to
 look into also including the `reflected-xss` and `frame-ancestors` Content
 Security Polivy v2.0 directives.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15968#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list