This repository has been archived by the owner on Nov 4, 2024. It is now read-only.
CSP header for API endpoints #315
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi,
I'm implementing CSP header for API endpoints and have seen
default-src 'none'; frame-ancestors 'none'recommended as the value for this header: https://infosec.mozilla.org/guidelines/web_security#content-security-policyHowever, when I run several scanning tests on https://observatory.mozilla.org, it's said that
base-uriandform-actionare missing.My question is: are these two directives necessary for API endpoints? Thank you!
The text was updated successfully, but these errors were encountered: