Define and add a CSP to the web app
We have found a couple of XSS vulnerabilities over the years, and there may be a few more that we are unaware of.
A strict Content-Security-Policy should help mitigate them.
Migrated from T4028 (view on Phabricator)