mirror of
https://github.com/thangisme/notes.git
synced 2024-11-01 02:07:20 -04:00
299 lines
5.5 KiB
JSON
299 lines
5.5 KiB
JSON
|
{
|
||
|
"title":"Content Security Policy 1.0",
|
||
|
"description":"Mitigate cross-site scripting attacks by whitelisting allowed sources of script, style, and other resources.",
|
||
|
"spec":"http://www.w3.org/TR/2012/CR-CSP-20121115/",
|
||
|
"status":"cr",
|
||
|
"links":[
|
||
|
{
|
||
|
"url":"http://html5rocks.com/en/tutorials/security/content-security-policy/",
|
||
|
"title":"HTML5Rocks article"
|
||
|
},
|
||
|
{
|
||
|
"url":"http://content-security-policy.com/",
|
||
|
"title":"CSP Examples & Quick Reference"
|
||
|
}
|
||
|
],
|
||
|
"bugs":[
|
||
|
{
|
||
|
"description":"Partial support in Internet Explorer 10-11 refers to the browser only supporting the 'sandbox' directive by using the `X-Content-Security-Policy` header."
|
||
|
},
|
||
|
{
|
||
|
"description":"Partial support in iOS Safari 5.0-5.1 refers to the browser recognizing the `X-Webkit-CSP` header but failing to handle complex cases correctly, often resulting in broken pages."
|
||
|
},
|
||
|
{
|
||
|
"description":"Chrome for iOS fails to render pages without a [connect-src 'self'](https://code.google.com/p/chromium/issues/detail?id=322497) policy."
|
||
|
}
|
||
|
],
|
||
|
"categories":[
|
||
|
"Other"
|
||
|
],
|
||
|
"stats":{
|
||
|
"ie":{
|
||
|
"5.5":"n",
|
||
|
"6":"n",
|
||
|
"7":"n",
|
||
|
"8":"n",
|
||
|
"9":"n",
|
||
|
"10":"a #1",
|
||
|
"11":"a #1"
|
||
|
},
|
||
|
"edge":{
|
||
|
"12":"y",
|
||
|
"13":"y",
|
||
|
"14":"y",
|
||
|
"15":"y"
|
||
|
},
|
||
|
"firefox":{
|
||
|
"2":"n",
|
||
|
"3":"n",
|
||
|
"3.5":"n",
|
||
|
"3.6":"n",
|
||
|
"4":"y #1",
|
||
|
"5":"y #1",
|
||
|
"6":"y #1",
|
||
|
"7":"y #1",
|
||
|
"8":"y #1",
|
||
|
"9":"y #1",
|
||
|
"10":"y #1",
|
||
|
"11":"y #1",
|
||
|
"12":"y #1",
|
||
|
"13":"y #1",
|
||
|
"14":"y #1",
|
||
|
"15":"y #1",
|
||
|
"16":"y #1",
|
||
|
"17":"y #1",
|
||
|
"18":"y #1",
|
||
|
"19":"y #1",
|
||
|
"20":"y #1",
|
||
|
"21":"y #1",
|
||
|
"22":"y #1",
|
||
|
"23":"y",
|
||
|
"24":"y",
|
||
|
"25":"y",
|
||
|
"26":"y",
|
||
|
"27":"y",
|
||
|
"28":"y",
|
||
|
"29":"y",
|
||
|
"30":"y",
|
||
|
"31":"y",
|
||
|
"32":"y",
|
||
|
"33":"y",
|
||
|
"34":"y",
|
||
|
"35":"y",
|
||
|
"36":"y",
|
||
|
"37":"y",
|
||
|
"38":"y",
|
||
|
"39":"y",
|
||
|
"40":"y",
|
||
|
"41":"y",
|
||
|
"42":"y",
|
||
|
"43":"y",
|
||
|
"44":"y",
|
||
|
"45":"y",
|
||
|
"46":"y",
|
||
|
"47":"y",
|
||
|
"48":"y",
|
||
|
"49":"y",
|
||
|
"50":"y",
|
||
|
"51":"y",
|
||
|
"52":"y",
|
||
|
"53":"y",
|
||
|
"54":"y"
|
||
|
},
|
||
|
"chrome":{
|
||
|
"4":"n",
|
||
|
"5":"n",
|
||
|
"6":"n",
|
||
|
"7":"n",
|
||
|
"8":"n",
|
||
|
"9":"n",
|
||
|
"10":"n",
|
||
|
"11":"n",
|
||
|
"12":"n",
|
||
|
"13":"n",
|
||
|
"14":"y #2",
|
||
|
"15":"y #2",
|
||
|
"16":"y #2",
|
||
|
"17":"y #2",
|
||
|
"18":"y #2",
|
||
|
"19":"y #2",
|
||
|
"20":"y #2",
|
||
|
"21":"y #2",
|
||
|
"22":"y #2",
|
||
|
"23":"y #2",
|
||
|
"24":"y #2",
|
||
|
"25":"y",
|
||
|
"26":"y",
|
||
|
"27":"y",
|
||
|
"28":"y",
|
||
|
"29":"y",
|
||
|
"30":"y",
|
||
|
"31":"y",
|
||
|
"32":"y",
|
||
|
"33":"y",
|
||
|
"34":"y",
|
||
|
"35":"y",
|
||
|
"36":"y",
|
||
|
"37":"y",
|
||
|
"38":"y",
|
||
|
"39":"y",
|
||
|
"40":"y",
|
||
|
"41":"y",
|
||
|
"42":"y",
|
||
|
"43":"y",
|
||
|
"44":"y",
|
||
|
"45":"y",
|
||
|
"46":"y",
|
||
|
"47":"y",
|
||
|
"48":"y",
|
||
|
"49":"y",
|
||
|
"50":"y",
|
||
|
"51":"y",
|
||
|
"52":"y",
|
||
|
"53":"y",
|
||
|
"54":"y",
|
||
|
"55":"y",
|
||
|
"56":"y",
|
||
|
"57":"y",
|
||
|
"58":"y",
|
||
|
"59":"y"
|
||
|
},
|
||
|
"safari":{
|
||
|
"3.1":"n",
|
||
|
"3.2":"n",
|
||
|
"4":"n",
|
||
|
"5":"n",
|
||
|
"5.1":"a #2",
|
||
|
"6":"y #2",
|
||
|
"6.1":"y #2",
|
||
|
"7":"y",
|
||
|
"7.1":"y",
|
||
|
"8":"y",
|
||
|
"9":"y",
|
||
|
"9.1":"y",
|
||
|
"10":"y",
|
||
|
"10.1":"y",
|
||
|
"TP":"y"
|
||
|
},
|
||
|
"opera":{
|
||
|
"9":"n",
|
||
|
"9.5-9.6":"n",
|
||
|
"10.0-10.1":"n",
|
||
|
"10.5":"n",
|
||
|
"10.6":"n",
|
||
|
"11":"n",
|
||
|
"11.1":"n",
|
||
|
"11.5":"n",
|
||
|
"11.6":"n",
|
||
|
"12":"n",
|
||
|
"12.1":"n",
|
||
|
"15":"y",
|
||
|
"16":"y",
|
||
|
"17":"y",
|
||
|
"18":"y",
|
||
|
"19":"y",
|
||
|
"20":"y",
|
||
|
"21":"y",
|
||
|
"22":"y",
|
||
|
"23":"y",
|
||
|
"24":"y",
|
||
|
"25":"y",
|
||
|
"26":"y",
|
||
|
"27":"y",
|
||
|
"28":"y",
|
||
|
"29":"y",
|
||
|
"30":"y",
|
||
|
"31":"y",
|
||
|
"32":"y",
|
||
|
"33":"y",
|
||
|
"34":"y",
|
||
|
"35":"y",
|
||
|
"36":"y",
|
||
|
"37":"y",
|
||
|
"38":"y",
|
||
|
"39":"y",
|
||
|
"40":"y",
|
||
|
"41":"y",
|
||
|
"42":"y",
|
||
|
"43":"y",
|
||
|
"44":"y",
|
||
|
"45":"y"
|
||
|
},
|
||
|
"ios_saf":{
|
||
|
"3.2":"n",
|
||
|
"4.0-4.1":"n",
|
||
|
"4.2-4.3":"n",
|
||
|
"5.0-5.1":"a #2",
|
||
|
"6.0-6.1":"y #2",
|
||
|
"7.0-7.1":"y",
|
||
|
"8":"y",
|
||
|
"8.1-8.4":"y",
|
||
|
"9.0-9.2":"y",
|
||
|
"9.3":"y",
|
||
|
"10.0-10.2":"y"
|
||
|
},
|
||
|
"op_mini":{
|
||
|
"all":"n"
|
||
|
},
|
||
|
"android":{
|
||
|
"2.1":"n",
|
||
|
"2.2":"n",
|
||
|
"2.3":"n",
|
||
|
"3":"n",
|
||
|
"4":"n",
|
||
|
"4.1":"n",
|
||
|
"4.2-4.3":"n",
|
||
|
"4.4":"y",
|
||
|
"4.4.3-4.4.4":"y",
|
||
|
"53":"y"
|
||
|
},
|
||
|
"bb":{
|
||
|
"7":"n",
|
||
|
"10":"y #2"
|
||
|
},
|
||
|
"op_mob":{
|
||
|
"10":"n",
|
||
|
"11":"n",
|
||
|
"11.1":"n",
|
||
|
"11.5":"n",
|
||
|
"12":"n",
|
||
|
"12.1":"n",
|
||
|
"37":"y"
|
||
|
},
|
||
|
"and_chr":{
|
||
|
"56":"y"
|
||
|
},
|
||
|
"and_ff":{
|
||
|
"51":"y"
|
||
|
},
|
||
|
"ie_mob":{
|
||
|
"10":"a #1",
|
||
|
"11":"a #1"
|
||
|
},
|
||
|
"and_uc":{
|
||
|
"11":"y #2"
|
||
|
},
|
||
|
"samsung":{
|
||
|
"4":"y"
|
||
|
},
|
||
|
"and_qq":{
|
||
|
"1.2":"y"
|
||
|
}
|
||
|
},
|
||
|
"notes":"The standard HTTP header is `Content-Security-Policy` which is used unless otherwise noted.",
|
||
|
"notes_by_num":{
|
||
|
"1":"Supported through the `X-Content-Security-Policy` header",
|
||
|
"2":"Supported through the `X-Webkit-CSP` header"
|
||
|
},
|
||
|
"usage_perc_y":88.34,
|
||
|
"usage_perc_a":4.67,
|
||
|
"ucprefix":false,
|
||
|
"parent":"",
|
||
|
"keywords":"csp,security,header",
|
||
|
"ie_id":"contentsecuritypolicy",
|
||
|
"chrome_id":"5205088045891584",
|
||
|
"firefox_id":"",
|
||
|
"webkit_id":"",
|
||
|
"shown":true
|
||
|
}
|