[SPIKE] Research Content Security Policy Implementation #1279

Open
exalate-issue-sync bot opened this issue Jan 14, 2025 · 1 comment

exalate-issue-sync bot commented Jan 14, 2025

Based on https://guides.18f.gov/engineering/security/content-security-policy/

Determine a plan for implementing CSP for our application. Come up with the policies that we want. Determine where to implement it (maybe nginx server). Since the CSP is enforced on the webpage, adding a CSP to the API requests won’t add value there, BUT we might still want to have CSP for the Swagger docs, which are served by the API rather than the front-end server.

Once a plan has been established, update https://fecgov.atlassian.net/browse/FECFILE-1907 and https://fecgov.atlassian.net/browse/FECFILE-1908

Complete by COB Wednesday 22, 2025

QA Notes

null

DEV Notes

null

Design

null

See full ticket and images here: FECFILE-1947

David Heitzer commented: Dependent ticket DEV notes have been updated accordingly with the needed CSP details to implement.
