[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

Whonix website security rating - "B" (Mozilla Observatory) - Content Security Policy (CSP)

CSP issue. Not reasonable to work on this. Reasoning here:

Applicable chapters:

1 Like

CSP simplification.

Reason for simplification: Website breaks in corner cases and the more complex CSP also does not provide higher security. It’s just more complex. Website and Server Tests scores are unchanged.

Old:

content-security-policy: default-src ‘none’; connect-src ‘self’; script-src ‘self’ https://.whonix.org ‘unsafe-inline’ ‘unsafe-eval’; style-src ‘self’ https://.whonix.org ‘unsafe-inline’; img-src ‘self’ data: https://.whonix.org; font-src ‘self’ https://.whonix.org;

New:

content-security-policy: default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’;

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]