Skip to content

Issues: w3c/webappsec-csp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

178 Open 249 Closed
178 Open 249 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

"source file" lacks a real defintion
#707 opened Feb 14, 2025 by evilpie
1
connect-src test suite allows multiple non-interopable implementations. interop Implementations are not interoperable with each other
#706 opened Jan 30, 2025 by lukewarlow
1
Clipping of violation’s sample to the 40 first characters
#704 opened Jan 23, 2025 by fred-wang
2
How to specify 2 endpoints for Reporting-Endpoints? meta Tasks and questions outside the content of the standard
#701 opened Jan 15, 2025 by SwiftExtender
1
How to prevent an iframe with srcdoc and defined csp from inheriting the parent page's CSP policies wontfix This proposal or request will not be implemented
#700 opened Dec 7, 2024 by JuanRojasC
1
EnsureCSPDoesNotBlockStringCompilation: calling "Get Trusted Type compliant string" editorial Changes that do not affect how the standard is understood
#698 opened Dec 4, 2024 by fred-wang
EnsureCSPDoesNotBlockStringCompilation: Explain why we need to check TrustedScript's data (and add tests)
#697 opened Dec 4, 2024 by fred-wang
https://w3c.github.io/webappsec-csp/#report-violation invokes "Queue a task" without passing a task source
#696 opened Dec 2, 2024 by mbrodesser-Igalia
Allow RFC3986 scheme relative URIs in host-source
#694 opened Nov 27, 2024 by Mahoney
Consider recommending the usage of events instead of CSP reports for CSP WPTs editorial Changes that do not affect how the standard is understood
#690 opened Nov 19, 2024 by mbrodesser-Igalia
Should "Should navigation request of type be blocked by Content Security Policy?" set the violation object's element? clarification The standard is unclear or ambiguous editorial Changes that do not affect how the standard is understood
#687 opened Oct 24, 2024 by mbrodesser-Igalia
3
Introduce 'connect-certificate-hash' for WebTransport needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#683 opened Oct 8, 2024 by jan-ivar
3
CSP headers are incorrect with multiple rules
#682 opened Oct 8, 2024 by letanloc1998
3
port-part being null is not handled editorial Changes that do not affect how the standard is understood
#680 opened Sep 13, 2024 by evilpie
Feedback request on not capturing the caller in new Function and indirect eval
#679 opened Sep 4, 2024 by nicolo-ribaudo
Should font-src reporting kick in on font-face reference or font request?
#677 opened Aug 22, 2024 by robinwhittleton
6
loading local stylesheets without self source
#676 opened Aug 13, 2024 by nizos
2
Consider using SecurityPolicyViolationEvent.sourceFile a USVString
#674 opened Jul 31, 2024 by emilio
1
CSP spec not user-friendly
#673 opened Jul 23, 2024 by galund
CSP Report Does Not Reflect Redirected Blocked Domains wontfix This proposal or request will not be implemented
#672 opened Jul 15, 2024 by ConardLi
8
Add new CSP sandbox directive to allow SameSite=None cookies on top-level frames
#664 opened May 24, 2024 by DCtheTall
7
frame-src is not effective in restricting the possible origins of subframes
#662 opened May 21, 2024 by antosart
3
Possibility to block all javascript: URLs
#658 opened Apr 30, 2024 by Sjord
3
Upstream trusted type changes
#651 opened Mar 14, 2024 by lukewarlow
1
Document columnNumber format
#649 opened Mar 13, 2024 by stefnotch
1
ProTip! Type g p on any issue or pull request to go back to the pull request listing page.