Security headers are missing #6623
Replies: 3 comments
-
Hi @AkashThoriya, Yes, the CSP header is missing because it impacts the whole content of the homepage, and I am also aware of that. I will add this but needs to check the content also as this will block all the dynamic contents mostly. |
Beta Was this translation helpful? Give feedback.
-
Yes, you are right, it impacts the whole content of the homepage. |
Beta Was this translation helpful? Give feedback.
-
@devansh-webkul @dseguy @emtudo Because it's really important as security point of view |
Beta Was this translation helpful? Give feedback.
-
Bug Report
Few security-related headers are missing
Issue Description
CSP policies headers are not here
Bagisto Version
Latest version
Steps To Reproduce
Generate demo via https://demo.bagisto.com/ and
paste link into these sites
https://cspvalidator.org/
https://securityheaders.com/
Actual Result
Headers are not there
![image](https://user-images.githubusercontent.com/53002296/135603370-0720f333-f120-47eb-8906-38a97709360f.png)
![image](https://user-images.githubusercontent.com/53002296/135603393-850ee66f-d608-43f3-be2a-7a64eaea003e.png)
Expected Result
Headers must be there
Beta Was this translation helpful? Give feedback.
All reactions