cspBuilder Wizard from Daniel Veditz on 2013-05-23 (public-webappsec@w3.org from May 2013)

From: Daniel Veditz <dveditz@mozilla.com>
Date: Thu, 23 May 2013 09:41:43 -0700
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <519E46C7.3020005@mozilla.com>

Ran across an interesting service/experiment, a 3rd party cspBuilder 
wizard. You run your site with a locked-down report-only policy sending 
your reports to this guy's server and he builds a CSP policy for you.

http://ipsec.pl/node/1108  (blog)
http://cspbuilder.info/    (tool)

You certainly wouldn't want to take the results uncritically--what if a 
visitor is trying to poison the results while you're running the tool? 
I'd also be uncomfortable reporting all my traffic to some unknown 3rd 
party, but an open-source tool to do this that people could install on 
their own report server could be helpful.

-Dan Veditz

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Thursday, 23 May 2013 16:42:19 UTC