I hereby claim:
- I am oreoshake on github.
- I am oreoshake (https://keybase.io/oreoshake) on keybase.
- I have a public key ASD4N6g__7GEtuosEF4aKnCo2xivSd0DBYPcuzSKD4HQbgo
To claim this, I am signing this object:
Credentials: I created the secure_headers library, which essentially does the same thing. I also built the Scala library in use at Twitter today.
secure_headers used to have to_json/from_json functionality (pull request) but I removed it when I rewrote the library (for use at GitHub). This implementation would not be compatible with my implementation which was inspired by this proposal.
I think it would be better to collapse all directive source lists to a flat structure. i.e. instead of having sub elements for "allow" (an array), "self" (boolean), "unsafe-inline" (boolean), "unsafe-eval" (boolean), just have a directive accept an array containing those values. This model matches the spec more closely and in my experience just creates more confusion. While it does have the benefit of validation (against types like unsafe-inli
ddd
require 'rubygems'
require 'octokit'
require 'bundler/audit/cli'
require 'bundler/audit/database'
require 'parallel'
Bundler::Audit::CLI.new.update
ORG = ARGV[0] || "github"
<input type="file" id="input"><br>
<img id="output">
<canvas id="canvas" style="display:none"></canvas>
<script>
// from http://stackoverflow.com/questions/19032406/convert-html5-canvas-into-file-to-be-uploaded
function uploadCanvas(dataURL) {
  var blobBin = atob(dataURL.split(',')[1]);
  var array = [];
  for(var i = 0; i < blobBin.length; i++) {
For testing: http://referrerrerr.herokuapp.com/
no-referrer-when-downgrade behavior)
no-referrer, origin, no-referrer-when-downgrade, unsafe-url and defaults to origin
no-referrer, origin, no-referrer-when-downgrade, unsafe-url and defaults to no-referrer
<BorderPane fx:id="root_pane" maxHeight="-Infinity" maxWidth="-Infinity" minHeight="800" minWidth="1000" prefHeight="800.0" prefWidth="1024.0" xmlns="http://javafx.com/javafx/8" xmlns:fx="http://javafx.com/fxml/1">
  <center>
    <TabPane fx:id="tab_pane" tabClosingPolicy="ALL_TABS" BorderPane.alignment="CENTER" />
  </center>
</BorderPane>
[
  {
    "id": 186,
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36",
    "classification": "javascript_href",
    "created_at": "2014-09-10T02:22:04.686Z",
    "updated_at": "2014-09-10T02:22:04.686Z",
    "weak_id": "1UStqNc8fKXFDV9rEtrV28TtjhbuwNpJURlvr4LKJnU=",
    "report": "{\"csp-report\":{\"document-uri\":\"http://csp-inline-fingerprint.herokuapp.com/csp/javascript_href\",\"referrer\":\"http://csp-inline-fingerprint.herokuapp.com/\",\"violated-directive\":\"style-src 'none'\",\"original-policy\":\"default-src 'none'; script-src 'none'; style-src 'none'; report-uri /csp/javascript_href?id=1UStqNc8fKXFDV9rEtrV28TtjhbuwNpJURlvr4LKJnU=\",\"blocked-uri\":\"\",\"source-file\":\"chrome-extension://gighmmpiobklfepjocnamgkkbiglidom\",\"line-number\":102,\"column-number\":47,\"status-code\":200}}"
  },
<img id="asdf" src="asdf">
<script>
$('#asdf').error(function(e) {
  alert("FAIL")
});
</script>
val reasonFiltered: Option[String] = {
  val sourceFileString = sourceFile.getOrElse("").toLowerCase
  if ("localhost" == reportHost || "localhost" == blockedHost
    || "127.0.0.1" == reportHost || "127.0.0.1" == blockedHost) {
    Some("localhost")
  } else if (sourceFileString.startsWith("resource://")
    || blockedUri.contains("addons.mozilla.org%22%3B%0Avar%20c%3D%22FastestFox")) {
    Some("firefox_extension")
  } else if (sourceFileString.startsWith("chromenull://") || blockedUri.startsWith("chromenull://")) {