x/website/cmd/golangorg: Add Content Security Policy #36892
Labels
NeedsFix
The path to resolution is known, but the work has not been done.
Milestone
Comments
andybons
added
NeedsFix
|
This doesn't need a proposal. Feel free to submit a fix :) |
andybons
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CSP is an important protection against some of the higher risk web vulnerabilities and the official Go website doesn't currently adopt it.
Moreover CSP is a internal requirement for any website hosted on *.google.eTLD and the Go website is currently also hosted on golang.google.cn.
I can take care of fixing this or finding someone that can work on it if the proposal is accepted.
/cc @dmitshur @andybons
The text was updated successfully, but these errors were encountered: