This repository was archived by the owner on Nov 4, 2024. It is now read-only.

CSP in <meta> is not analyzed when sent together with CSP in header #489

@AntoniRoszak

Steps:

  1. Scan page: https://shop.rockwool.com

Observation:

  • Page scores 120 with most CSP directives listed as "none".

Expectation:

  • Page should score 110, as there are more directives in the tag. They are analyzed by the code, but discarded.

Problem appeared in commit a422b3a - when I check out master before this commit, the combined policy is analyzed properly.

CSP header data:
upgrade-insecure-requests; frame-ancestors 'self'

@april
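
An added example, not from the issue or the project's code, of the combined analysis the report expects: every policy delivered by header and by `<meta>` is kept, except for the directives the CSP specification ignores in `<meta>` (`frame-ancestors`, `report-uri`, `sandbox`). The header value is the one quoted above; the `<meta>` policy and all function names are constructed for illustration.

```python
# Directives the CSP specification ignores when the policy comes from <meta>.
META_IGNORED = {"frame-ancestors", "report-uri", "sandbox"}

# Header value quoted in the issue; the <meta> policy is constructed sample data.
HEADER_CSP = "upgrade-insecure-requests; frame-ancestors 'self'"
META_CSP = "default-src 'self'; script-src 'self' https://cdn.example; frame-ancestors 'none'"


def parse_policy(text, from_meta=False):
    """Parse one serialized policy into {directive: [source, ...]}."""
    policy = {}
    for token in text.split(";"):
        parts = token.split()
        if not parts:
            continue
        name = parts[0].lower()  # directive names are case-insensitive
        if name in policy:  # a repeated directive is ignored, first one wins
            continue
        if from_meta and name in META_IGNORED:
            continue
        policy[name] = parts[1:]
    return policy


def collect_policies(header_values, meta_values):
    """Return every policy in force: header policies plus <meta> policies."""
    policies = []
    for value in header_values:
        # One header value may carry several comma-separated policies.
        policies += [parse_policy(p) for p in value.split(",")]
    policies += [parse_policy(v, from_meta=True) for v in meta_values]
    return [p for p in policies if p]


def directives_in_force(policies):
    """Map each directive to the source lists of all policies that set it."""
    seen = {}
    for policy in policies:
        for name, sources in policy.items():
            seen.setdefault(name, []).append(sources)
    return seen


if __name__ == "__main__":
    combined = directives_in_force(collect_policies([HEADER_CSP], [META_CSP]))
    for name in sorted(combined):
        print(name, combined[name])
```

A scanner that keeps only the header policy would report `default-src` and `script-src` as absent here, which matches the "none" observation in the report.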
