Skip to content

Investigate adding a Content Security Policy (CSP)

Created by: umpox

Feature request description

We should look adding a CSP to guard against malicious/insecure code in our webapp.

A good starting point would be:

  1. Produce a suitable CSP
  2. Evaluate it with https://csp-evaluator.withgoogle.com/
  3. Enable it on Sourcegraph.com set to report-only
  4. See what warnings we get