Mike Samuel mikesamuel

mikesamuel / header-safe-defaults.md
Last active June 19, 2021 04:08
Golang header safe defaults library proposal
mikesamuel / auto-noncing-design.md
Last active August 12, 2022 15:09
CSP Auto-noncing in Go html/template

Auto-noncing in Go html/template

Background

Content Security Policy (CSP) mitigates many client-side security vulnerabilities. A policy is a whitelist of locations from which JavaScript, styles, and other content can be loaded. CSP also supports nonces and hashes, which let a policy allow specific inline content without allowing all inline content.
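To make the nonce mechanism concrete, the following added example (not code from this gist or from Go's html/template) generates a fresh nonce per response, puts it in the `Content-Security-Policy` header, and passes it by hand to a template so that only the tagged inline script is allowed. The names `page`, `newNonce`, `cspHeader` and `render`, the policy string and the page markup are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"html/template"
)

// Constructed page: the first inline script carries the nonce, the second does not.
var page = template.Must(template.New("page").Parse(`<!doctype html>
<script nonce="{{.Nonce}}">console.log("allowed by the nonce")</script>
<script>console.log("refused: inline script without the nonce")</script>
`))

// newNonce returns 128 bits from the CSPRNG, base64url-encoded so that
// html/template emits it unchanged inside the attribute value.
func newNonce() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// cspHeader builds a policy that permits only scripts carrying this nonce.
func cspHeader(nonce string) string {
	return "script-src 'nonce-" + nonce + "'; object-src 'none'; base-uri 'none'"
}

// render produces the header value and body for one response; the nonce is never reused.
func render() (header, body string, err error) {
	nonce, err := newNonce()
	if err != nil {
		return "", "", err
	}
	var buf bytes.Buffer
	if err := page.Execute(&buf, struct{ Nonce string }{nonce}); err != nil {
		return "", "", err
	}
	return cspHeader(nonce), buf.String(), nil
}

func main() {
	h, b, err := render()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Content-Security-Policy: %s\n\n%s", h, b)
}
```
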