Skip to main content
2,931 questions
Newest Active Bountied Unanswered
0 votes
0 answers
66 views

I am integrating the PayPal JavaScript SDK v6 into my web application and experiencing a critical issue in the Sandbox environment: the onApprove callback is never called after the buyer clicks the &...
mareb's user avatar
  • 29
0 votes
0 answers
82 views

I am working on securing a WordPress website that uses Elementor and several plugins. I have implemented a Content Security Policy (CSP) via .htaccess like this: Header always set Content-Security-...
Daaim Khan's user avatar
  • 1
Advice
1 vote
1 replies
92 views

I am enabling CSP for a CI4 project and I wonder how we can have different Content Security Policy directives for development and production. Separate ContentSecurityPolicy.php files in Config\...
Sarvap Praharanayuthan's user avatar
  • 4,368
1 vote
0 answers
106 views

My organisation couldn't test the new Sharepoint CSP policies ahead of time on our dev tenant and now I am trying to make our Google Tag Manager integration through SPFX Extension Custom Appplication ...
Charles P's user avatar
  • 11
0 votes
1 answer
96 views

Based on Laravel documentation and also posts on similar issues, it seems once we set http_only true, which is already true by default, HttpOnly flag will be set in HTTP response header. But this is ...
Zhiyong Li's user avatar
  • 609
-3 votes
2 answers
125 views

How can I create and run a function based on a function name from a string? I need to redo some stuff because we are changing our CSP to block unsafe-inline and unsafe-eval. What I am trying to do ...
Keith Fosberg's user avatar
  • 137
-1 votes
2 answers
64 views

I am using the NetScaler GUI version 14.1, I am trying to find the correct way to do the following, however I cannot seem to get it right with the options I am given. Does anyone happen to have a ...
ShelC's user avatar
  • 1
-1 votes
1 answer
51 views

After our latest Angular app release, which included a CSP update, some functionality broke, specifically related to map tiles. Scenario: The app was originally using Google Maps, which worked fine. ...
Kasun Gamage's user avatar
  • 1
1 vote
1 answer
363 views

I have spent the entire morning trying to implement a strict Content Security Policy (CSP) using nonces with Apache and Angular 20.3 SSR. On the Apache side, I am able to generate a nonce correctly ...
Charles LINDECKER's user avatar
  • 11
0 votes
2 answers
246 views

I have to secure a checkout that includes a nonce aware GTM script code: <script nonce="eWp5ejMyZjFiZDRzMzBwZjc1M3dhYXdpNHRnM3RoNjc=">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm....
adrien54's user avatar
  • 1,658
0 votes
0 answers
40 views

In my ASP.NET MVC 5 project, I am migrating to a strict Content Security Policy (CSP) to eliminate the use of 'unsafe-inline' for scripts. While I have successfully implemented the nonce approach to ...
Priyanshi vasoya's user avatar
  • 1
0 votes
1 answer
75 views

In my very simple Sinatra app I have a home page on which there is form which needs to be submitted through AJAX and the HAML template needs to execute some JS code. And I need to set the Content-...
Jignesh Gohel's user avatar
  • 6,588
Advice
3 votes
2 replies
315 views

I'm migrating an app from React Router v6 + Webpack to React Router v7 (SPA mode) + Vite and I'm having issues with setting a strict Content Security Policy. In RR6 I had a normal index.html and ...
tykhan's user avatar
  • 131
1 vote
0 answers
53 views

I'm trying to use NEL reporting in Chrome. As far as I can see, everything is configured correctly, but no errors are reported. My NEL header: Nel: {"report_to":"nel","max_age&...
Synchro's user avatar
  • 38.1k
1 vote
1 answer
189 views

I'm adding Clarity to my content security policy (CSP). Somehow, I'm getting a blockedUrl: https://c.clarity.ms:443/c.gif on img-src even though my policy includes both *.clarity.ms and the same with …...
Michael Johansen's user avatar
  • 5,224

15 30 50 per page
1
2 3 4 5
196