Add Content Security Policy (CSP) support to Requarks/Wiki.js to mitigate XSS and supply-chain risks
Stanislav Sidoryak
Please add the ability to configure CSP in a supported and maintainable way, including:
1) Configurable CSP header
- Ability to set CSP directives (e.g., default-src, script-src, style-src, img-src, connect-src, font-src, frame-src, object-src, base-uri, form-action, frame-ancestors, etc.).
- Support for both Content-Security-Policy and Content-Security-Policy-Report-Only modes.
2) Admin setting section for CSP