GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Foone🏳️‍⚧️ (foone@digipres.club)'s status on Sunday, 03-Nov-2024 11:17:31 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️

    hey, web administrators: be careful with your content-security-policy headers. yeah it's nice to set up a good cross-site-scripting policy, but you shouldn't be leaking information to attackers with it.

    In conversation about 19 days ago from digipres.club permalink
    • alcinnz repeated this.
    • Embed this notice
      Foone🏳️‍⚧️ (foone@digipres.club)'s status on Sunday, 03-Nov-2024 11:17:31 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️
      in reply to

      I just checked the logs for a simple HTTP request to their top level site and it defined a content security policy for 92 separate domains.
      Including a lot of fun ones with names like "sandbox.company.egg" and "debugging.company.egg" and "embedded.demo.company.egg" and "debug-preview.company.egg"

      all of which is pretty questionable when you already defined a *.company.egg policy!

      In conversation about 19 days ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.