Bawolff created this task.
Bawolff added projects: ContentSecurityPolicy, Wikidata-Query-Service.
Restricted Application added a subscriber: Aklapper.
Restricted Application added a project: Wikidata.

TASK DESCRIPTION
  As part of the effort to put CSP on all the things, as well as to help 
mitigate the risk of an XSS in the query service (like T233213 
<https://phabricator.wikimedia.org/T233213>), I think it would be prudent to 
adopt a CSP policy for WDQS.
  
  Looking at query.wikidata.org, at first glance the GUI appears to be a fairly 
modern JS application that mostly avoids inline JavaScript - and where there is 
inline JS (like in embed mode), it appears to be mostly static scripts. 
Anyways, I need to investigate a little more, but at first glance, it looks 
like it would be fairly easy to adopt a CSP policy that would increase the 
security of WDQS without any negative side effects.

TASK DETAIL
  https://phabricator.wikimedia.org/T238618
