Hush Line’s Post

Thanks to Giovanni Pellerano of GLOBALEAKS for his collaboration in addressing a misconfiguration in our app, where our content security policy (CSP) was unset. When we moved our app onto Digital Ocean’s App Platform, we didn’t have to use Nginx anymore, and our previous CSP lived in those configuration files. Micah Lee promptly addressed the issue by moving the CSP to the app code, and we immediately deployed the fix. A CSP sets rules for what resources can load in your browser and the permissions an app can request. Since Hush Line doesn’t require any permissions and has next to no dependencies, there’s no impact to our users. Much appreciation for Giovanni’s watchful eye and the collaboration in the #whistleblower community 🙏 https://lnkd.in/gGr2G-pW #cve #opensource #nonprofit #community

Content Security Policy appears to be missing in software and production setup

github.com
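
As an added example (not Hush Line's own code): one way to keep a CSP in application code so it survives a change of reverse proxy or hosting platform, together with an in-process check that flags responses lacking the header. The policy string, `CSPMiddleware`, `response_headers`, `paths_missing_csp` and the stand-in `bare_app` are assumptions constructed for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Constructed restrictive policy for an app that loads only its own resources (assumption).
DEFAULT_CSP = (
    "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; "
    "object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'"
)

class CSPMiddleware:
    """WSGI wrapper: the policy ships with the app, not with the proxy config."""
    def __init__(self, app, policy=DEFAULT_CSP):
        self.app, self.policy = app, policy

    def __call__(self, environ, start_response):
        def _start(status, headers, exc_info=None):
            # Keep a policy the app set for a specific route; otherwise add the default.
            if not any(k.lower() == "content-security-policy" for k, _ in headers):
                headers = list(headers) + [("Content-Security-Policy", self.policy)]
            return start_response(status, headers, exc_info)
        return self.app(environ, _start)

def response_headers(app, path="/"):
    """Call a WSGI app in-process and return its headers with lower-cased names."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})
    body = app(environ, start_response)
    for _ in body:  # drain the response as a server would
        pass
    if hasattr(body, "close"):
        body.close()
    return captured

def paths_missing_csp(app, paths):
    """Regression check for CI: list the paths served without a CSP header."""
    return [p for p in paths if "content-security-policy" not in response_headers(app, p)]

def bare_app(environ, start_response):
    # Constructed stand-in for an app whose CSP used to live in the proxy config.
    if environ["PATH_INFO"] == "/":
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
        return [b"<h1>ok</h1>"]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]
```

Running `paths_missing_csp` against the unwrapped and wrapped app in a test suite, including an error path, catches the header disappearing when the deployment layout changes.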
