SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-06-18: Difference between revisions
< SummerOfCode | 2012 | UserCSP
Jump to navigation
Jump to search
No edit summary |
|||
Line 8: | Line 8: | ||
=== Monday, {{#time:d F|{{SUBPAGENAME}}}} === | === Monday, {{#time:d F|{{SUBPAGENAME}}}} === | ||
* Tested "X-Content-Security-Policy" header injection | |||
** Use google.co.in for testing and block images from google by setting img-src directive in CSP rules. I observed that userCSP add-on successfully injected "X-Content-Security-Policy" header in Google response web page and images from google were blocked. | |||
** I also created two websites in virtual machine for testing purpose namely "a.com" and "b.com". A webpage from "a.com" loads scripts and images from both "a.com" as well as "b.com". Using userCSP add-on, I set img-src and script-src to "a.com" for webpages from "a.com". Thus userCSP add-on sucessfully block resources from "b.com" to be loaded. | |||
=== Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} === | === Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} === |
Revision as of 17:39, 22 June 2012
« previous week | index | next week »
This Week
Monday, 18 June
- Tested "X-Content-Security-Policy" header injection
- Use google.co.in for testing and block images from google by setting img-src directive in CSP rules. I observed that userCSP add-on successfully injected "X-Content-Security-Policy" header in Google response web page and images from google were blocked.
- I also created two websites in virtual machine for testing purpose namely "a.com" and "b.com". A webpage from "a.com" loads scripts and images from both "a.com" as well as "b.com". Using userCSP add-on, I set img-src and script-src to "a.com" for webpages from "a.com". Thus userCSP add-on sucessfully block resources from "b.com" to be loaded.