What is the recommended Content Security Policy for Wiki.js? #7135
Unanswered
zeezephyr
asked this question in
Help / Questions
Replies: 0 comments
It seems a CSP like
"default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
is needed when reverse proxying Wiki.js. This is unsafe though and allows for XSS attacks. Is there a safer recommended CSP?
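What the policy quoted in the question permits for scripts, as an added example that is not part of the original post or of Wiki.js: a small auditor that resolves the `script-src` fallback to `default-src` and lists the risky sources. The function names and the contrast policy are assumptions constructed here; the contrast policy is not a tested or recommended Wiki.js configuration.

```javascript
// Policy quoted in the question (surrounding quotes and nginx "always;" stripped).
const QUOTED = "default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'";
// Constructed for contrast only; NOT a tested or recommended Wiki.js policy.
const CONTRAST = "default-src 'self'; script-src 'self' 'nonce-PLACEHOLDER'; object-src 'none'";

// Split a serialized policy into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      // Sources are lower-cased for matching only.
      directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// script-src falls back to default-src when it is absent.
function scriptSources(policy) {
  const d = parseCsp(policy);
  return d.get('script-src') ?? d.get('default-src') ?? null;
}

// Return one finding per source expression that weakens XSS protection.
function auditScripts(policy) {
  const src = scriptSources(policy);
  if (src === null) return ['no script-src or default-src: scripts are unrestricted'];
  const findings = [];
  const hasNonceOrHash = src.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  const strictDynamic = src.includes("'strict-dynamic'");
  // Browsers ignore 'unsafe-inline' once a nonce, hash or 'strict-dynamic' is present.
  if (src.includes("'unsafe-inline'") && !hasNonceOrHash && !strictDynamic) {
    findings.push("'unsafe-inline': inline scripts and event handlers execute");
  }
  if (src.includes("'unsafe-eval'")) {
    findings.push("'unsafe-eval': eval() and other string-to-code APIs are allowed");
  }
  // Scheme and wildcard sources are ignored under 'strict-dynamic'.
  if (!strictDynamic) {
    for (const s of src) {
      if (s === '*' || /^(https?|data|blob):$/.test(s)) {
        findings.push(`${s}: scripts may load from any URL matching this source`);
      }
    }
  }
  return findings;
}

console.log(auditScripts(QUOTED).join('\n'));
```

The quoted policy has no `script-src`, so every source in `default-src` applies to scripts, which is why the scheme sources and both `'unsafe-*'` keywords are all reported.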