
cspBuilder Wizard

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 23 May 2013 09:41:43 -0700
Message-ID: <519E46C7.3020005@mozilla.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Ran across an interesting service/experiment, a 3rd party cspBuilder 
wizard. You run your site with a locked-down report-only policy sending 
your reports to this guy's server and he builds a CSP policy for you.

http://ipsec.pl/node/1108  (blog)
http://cspbuilder.info/    (tool)

You certainly wouldn't want to take the results uncritically--what if a 
visitor is trying to poison the results while you're running the tool? 
I'd also be uncomfortable reporting all my traffic to some unknown 3rd 
party, but an open-source tool to do this that people could install on 
their own report server could be helpful.

-Dan Veditz



Received on Thursday, 23 May 2013 16:42:19 UTC
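
A sketch of the self-hosted approach the message suggests, with one guard against the poisoning it warns about. This is an added example, not code from the post or from cspBuilder. It assumes the report-only policy sets each directive to 'none' separately (so `violated-directive` names the resource type), that `client_id` is whatever the report server uses to tell reporters apart, and that a threshold of 3 distinct clients is an arbitrary choice.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# CSP 1.0 fetch directives other than default-src; others are ignored.
DIRECTIVES = {"script-src", "object-src", "style-src", "img-src",
              "media-src", "frame-src", "font-src", "connect-src"}
HOST_RE = re.compile(r"[a-z0-9.-]+(:\d{1,5})?")  # fullmatch: no ';' or spaces
NON_NETWORK = "<inline/non-network>"

def source_of(blocked_uri, document_uri):
    """Reduce a reported blocked-uri to a source expression, or None."""
    b, d = urlsplit(blocked_uri), urlsplit(document_uri)
    host = b.netloc.lower()
    if b.scheme not in ("http", "https") or not HOST_RE.fullmatch(host):
        return None
    if (b.scheme, host) == (d.scheme, d.netloc.lower()):
        return "'self'"
    return f"{b.scheme}://{host}"

def build_policy(reports, min_clients=3):
    """reports: iterable of (client_id, raw_body) -> (policy, review)."""
    seen, review = defaultdict(set), set()
    for client, body in reports:
        try:
            r = json.loads(body)["csp-report"]
            directive = r["violated-directive"].split()[0]
            src = source_of(r["blocked-uri"], r["document-uri"])
        except (ValueError, KeyError, IndexError, TypeError, AttributeError):
            continue  # malformed report
        if directive not in DIRECTIVES:
            continue
        if src is None:
            review.add((directive, NON_NETWORK))
        else:
            seen[(directive, src)].add(client)  # distinct clients, not hits
    policy = defaultdict(set)
    for (directive, src), clients in seen.items():
        if len(clients) >= min_clients:
            policy[directive].add(src)
        else:
            review.add((directive, src))  # too few clients: a human decides
    parts = ["default-src 'none'"]
    parts += [f"{d} {' '.join(sorted(s))}" for d, s in sorted(policy.items())]
    return "; ".join(parts), sorted(review)

def sample_report(directive, blocked):  # constructed sample data
    return json.dumps({"csp-report": {"document-uri": "https://site.example/",
        "violated-directive": directive + " 'none'", "blocked-uri": blocked}})
```

The distinct-client threshold only raises the cost of poisoning; the review list and the generated policy still need a human look before the policy is enforced.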
