Security: Add Content-Security-Policy header (FE02) #44

New issue

Open

opened 2026-04-22 00:23:54 +00:00 by frank · 0 comments

frank commented 2026-04-22 00:23:54 +00:00

Owner

Copy link

No CSP header configured. Allows inline scripts and external resources.\n\nFix: Add CSP header via Caddy/Apache config. Start with report-only mode.\n\nSecurity audit: FE02 (medium)

No CSP header configured. Allows inline scripts and external resources.\n\nFix: Add CSP header via Caddy/Apache config. Start with report-only mode.\n\nSecurity audit: FE02 (medium)

frank added this to the Launch Prep milestone 2026-04-22 00:23:54 +00:00

frank added the

security

priority:medium

labels 2026-04-22 00:23:54 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

No results found.

Labels

Clear labels   

bug

Something isnt working

  

deferred

Intentionally deferred, revisit later

  

documentation

Documentation improvements

  

enhancement

New feature or request

  

feature

New feature or capability

  

infra

Infrastructure, deployment, monitoring

  

integration

Third-party integrations and imports

  

marketing

Marketing, community, and outreach

  

priority:high

High priority

  

priority:low

Low priority

  

priority:medium

Medium priority

  

Pro

Pro/Household tier feature

  

security

Security-related item

  

UX

User experience improvement

No labels

bug

deferred

documentation

enhancement

feature

infra

integration

marketing

priority:high

priority:low

priority:medium

Pro

security

UX

Milestone

Clear milestone

No items

No milestone

Launch Prep

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

frank/cookslate#44

No description provided.