Forum https


  • #16
    Originally posted by DoubleTop
    I thought of this thread when dealing with an issue, for security I had added the following to the site

    Code:
    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
    https://developers.google.com/web/fu..._mixed_content
    https://developer.mozilla.org/en-US/...-mixed-content

    Interestingly, the site had allowed an image URL (internal upload) to be added with a full page with http (missing the s) so apparently that made the cms broken and the world core was going to explode because an image wasn't visible ......

    it's been a strange day

    Thanks for the update and links mate. Some of the devs in our place are constantly hardcoding the protocol tag causing images to not load. I wasn't aware of the 'upgrade-insecure-requests' option in the CSP directive, let alone that you could set it as an HTTP header. So I'm sure this will come in very handy.

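The difference between the two directives mentioned in this exchange, as an added example that is not from either poster: a Node.js sketch that scans constructed sample markup for hardcoded http:// subresources and reports what `block-all-mixed-content` and `upgrade-insecure-requests` would each do with them. The host names and function names are assumptions made for the illustration.

```javascript
// Added example: how the two CSP directives treat hardcoded http:// subresources.
// Constructed sample markup; host names are placeholders.
const SAMPLE_HTML = `
<img src="http://cms.example/uploads/photo.jpg">
<img src="https://cms.example/uploads/logo.png">
<script src="http://cdn.example/app.js"></script>
<link rel="stylesheet" href="//cdn.example/site.css">
<a href="http://other.example/page">link</a>
`;

// Tags whose src/href triggers a subresource fetch. <a href> is a navigation,
// not a subresource, so it is deliberately not listed.
const SUBRESOURCE =
  /<(img|script|iframe|audio|video|source|link)\b[^>]*?\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;

// Return every subresource reference that hardcodes the http:// scheme.
function findInsecureSubresources(html) {
  const hits = [];
  for (const m of html.matchAll(SUBRESOURCE)) {
    if (/^http:\/\//i.test(m[2])) hits.push({ tag: m[1].toLowerCase(), url: m[2] });
  }
  return hits;
}

// policy: the CSP value as delivered in the response header or the <meta> tag.
function applyPolicy(hits, policy) {
  const directives = policy.toLowerCase().split(";").map((d) => d.trim());
  const upgrade = directives.includes("upgrade-insecure-requests");
  const block = directives.includes("block-all-mixed-content");
  return hits.map((h) => {
    // upgrade-insecure-requests is evaluated first: the URL is rewritten to
    // https before the mixed-content check, so blocking has nothing left to act on.
    if (upgrade) return { ...h, action: "upgraded", fetched: h.url.replace(/^http:/i, "https:") };
    // block-all-mixed-content refuses the fetch, including passive content such as images.
    if (block) return { ...h, action: "blocked", fetched: null };
    // Neither directive present: handling is left to the browser's own defaults.
    return { ...h, action: "browser-default" };
  });
}

const hits = findInsecureSubresources(SAMPLE_HTML);
for (const policy of ["block-all-mixed-content", "upgrade-insecure-requests"]) {
  console.log(`Content-Security-Policy: ${policy}`);
  for (const r of applyPolicy(hits, policy)) console.log(`  <${r.tag}> ${r.url} -> ${r.action}`);
}
```

An upgraded request does not fall back to http, so the image still fails to load if the upload host does not serve it over https.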