Disallowed CSP hostnames only checks for specific hosts #3979

Open
stephanie0x00 opened this issue Dec 18, 2024 · 0 comments · May be fixed by #3980

@stephanie0x00
Contributor

Describe the bug
The Disallowed CSP hostname Question currently requires that you have to specify each subdomain for a hostname in order to get it triggered. This means that if you enter: bad.com, it will trigger only items served from bad.com and not from script.bad.com.

Expected behavior
Subdomains are automatically picked up, as it's impossible to list all subdomains.

OpenKAT version
main

@stephanie0x00 stephanie0x00 added bits bug Something isn't working labels Dec 18, 2024
@github-project-automation github-project-automation bot moved this to Incoming features / Need assessment in KAT Dec 18, 2024
@underdarknl underdarknl moved this from Incoming features / Need assessment to Review in KAT Dec 19, 2024
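
The subdomain-aware matching this issue asks for, as an added Python sketch that is not OpenKAT's code or the change in #3980. The function names, the `include_subdomains` flag and the sample policy are assumptions made for this example.

```python
# Constructed sample policy; "bad.com" is the hostname used in the issue text.
DISALLOWED = {"bad.com"}
SAMPLE_CSP = (
    "default-src 'self'; "
    "script-src 'self' https://script.bad.com:443/js/ *.BAD.com notbad.com; "
    "img-src data: https://cdn.example.org"
)


def source_host(source):
    """Return the lowercased hostname of a CSP host-source, or None for
    quoted keywords/nonces/hashes and scheme-only sources such as data:."""
    if source.startswith("'") or source.endswith(":"):
        return None
    rest = source.split("://", 1)[-1]               # drop optional scheme
    host = rest.split("/", 1)[0].partition(":")[0]  # drop path, then port
    if host.startswith("*."):                       # wildcard covers the parent too
        host = host[2:]
    return host.rstrip(".").lower() or None


def is_disallowed(host, disallowed, include_subdomains=True):
    """Exact match, or (optionally) a subdomain match on a label boundary,
    so script.bad.com matches bad.com but notbad.com does not."""
    for bad in disallowed:
        if host == bad or (include_subdomains and host.endswith("." + bad)):
            return True
    return False


def find_disallowed(csp, disallowed, include_subdomains=True):
    """Return (directive, source) pairs whose host is on the disallowed list."""
    blocked = {d.lower().rstrip(".") for d in disallowed}
    hits = []
    for directive in csp.split(";"):
        parts = directive.split()
        if not parts:
            continue
        for src in parts[1:]:
            host = source_host(src)
            if host and is_disallowed(host, blocked, include_subdomains):
                hits.append((parts[0].lower(), src))
    return hits


if __name__ == "__main__":
    for directive, src in find_disallowed(SAMPLE_CSP, DISALLOWED):
        print(f"{directive}: {src}")
```

Matching on the `"." + bad` suffix rather than a bare string suffix is what keeps unrelated hosts such as `notbad.com` from being flagged.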