[VULN-45] CSP for Icons Server #4747
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #4747 +/- ##
=======================================
Coverage ? 41.82%
=======================================
Files ? 1294
Lines ? 61743
Branches ? 5693
=======================================
Hits ? 25827
Misses ? 34725
Partials ? 1191
View full report in Codecov by Sentry.
Failing tests seem to be from something other than my changes.
Tracking
https://bitwarden.atlassian.net/browse/VULN-45
Objective
Prevent icon server from executing JavaScript. Add a CSP header to all responses via ASP.NET middleware.
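
One way to attach a CSP header to every response from ASP.NET Core middleware, as an added example that is not the code from this PR. The class name `IconCspMiddleware`, the policy string and the `/demo.svg` endpoint are assumptions made for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware name; not taken from the PR.
public sealed class IconCspMiddleware
{
    // Assumed policy value: nothing may be loaded or executed, and the response
    // is sandboxed, so an SVG or HTML body opened directly in a browser tab
    // cannot run script in the icon server's origin.
    private const string Policy = "default-src 'none'; sandbox";

    private readonly RequestDelegate _next;

    public IconCspMiddleware(RequestDelegate next) => _next = next;

    public Task InvokeAsync(HttpContext context)
    {
        // OnStarting fires just before the headers are sent, so the header is
        // also present on error and not-found responses produced later in the
        // pipeline, and it replaces any value a downstream component set.
        context.Response.OnStarting(() =>
        {
            context.Response.Headers["Content-Security-Policy"] = Policy;
            return Task.CompletedTask;
        });
        return _next(context);
    }
}

public static class Program
{
    public static void Main(string[] args)
    {
        var app = WebApplication.CreateBuilder(args).Build();

        // Register before anything else so every later handler is covered.
        app.UseMiddleware<IconCspMiddleware>();

        // Constructed endpoint standing in for an icon fetched from a third party:
        // the embedded script is inert once the policy above is applied.
        app.MapGet("/demo.svg", () => Results.Text(
            "<svg xmlns=\"http://www.w3.org/2000/svg\"><script>document.title='ran'</script></svg>",
            "image/svg+xml"));

        app.Run();
    }
}
```

Requesting `/demo.svg` with `curl -i` and checking for the `Content-Security-Policy` response header, including on a 404 path, confirms the header is applied to all responses.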