[Wikidata-bugs] [Maniphest] [Commented On] T238618: Adopt a CSP policy for query.wikidata.org

Bawolff Sun, 24 Nov 2019 05:14:22 -0800

Bawolff added a comment.


  So if I was ignoring polestar (aka graph builder mode) the ideal CSP would be 
something like:
  
    default-src 'self' data:;
    style-src 'unsafe-inline' data: 'self';
    img-src data: 'self' upload.wikimedia.org commons.wikimedia.org;
    media-src data: 'self' upload.wikimedia.org commons.wikimedia.org;
    script-src 'report-sample' https://query.wikidata.org/js/ blob:;
    connect-src meta.wikimedia.org www.wikidata.org 'self';
    object-src 'none';
    report-uri https://www.wikidata.org/w/api.php?action=cspreport&format=none

TASK DETAIL
  https://phabricator.wikimedia.org/T238618

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Bawolff
Cc: Lucas_Werkmeister_WMDE, Aklapper, Bawolff, darthmon_wmde, DannyS712, 
Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, EBjune, merbst, LawExplorer, 
Salgo60, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, Smalyshev, 
Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, Lydia_Pintscher, Mbch331

_______________________________________________
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs

[Wikidata-bugs] [Maniphest] [Commented On] T238618: Adopt a CSP policy for query.wikidata.org

Reply via email to