(Superseded) Experimenting with a 'strict-dynamic' Content Security Policy (CSP)

kelv · July 16, 2024, 4:10am

As the strict-dynamic CSP is non-optional from Discourse v3.3.0.beta3 onwards, we’ve updated Mitigate XSS Attacks with Content Security Policy and this topic will be closed.

Topic		Replies	Views
Content-Security-Policy now uses 'strict-dynamic' announcements	13	1052	September 2, 2024
Mitigate XSS Attacks with Content Security Policy Site Management how-to , content-security-policy	32	23258	June 13, 2023
Discourse 2.2.0.beta9 Release Notes announcements release-notes	1	2951	January 21, 2019
Discourse 2.2.0.beta6 Release Notes announcements release-notes	1	3401	December 14, 2018
Add CSP nonce-source support dev	12	3620	November 2, 2018