feat: add Content-Security-Policy header for embedded web SPA #65

Closed

clawbot wants to merge 1 commits from feat/add-csp-headers into main

Author	SHA1	Message	Date
clawbot	706f5f6dcc	feat: add Content-Security-Policy header for embedded web SPA All checks were successful check / check (push) Successful in 4s Details Set CSP header on all SPA-served responses to provide defense-in-depth against XSS. The policy restricts scripts, styles, and all other resource types to same-origin only, matching the SPA's actual behavior (external CSS/JS files, same-origin fetch API calls, no WebSockets or external resources).	2026-03-10 03:17:55 -07:00

Author

SHA1

Message

Date

clawbot

706f5f6dcc

feat: add Content-Security-Policy header for embedded web SPA

check / check (push) Successful in 4s

Details

Set CSP header on all SPA-served responses to provide defense-in-depth
against XSS. The policy restricts scripts, styles, and all other
resource types to same-origin only, matching the SPA's actual behavior
(external CSS/JS files, same-origin fetch API calls, no WebSockets or
external resources).

2026-03-10 03:17:55 -07:00

feat: add Content-Security-Policy header for embedded web SPA #65

1 Commits