Skip to content

Instantly share code, notes, and snippets.

@oreoshake

oreoshake/gist:5298160

Created April 3, 2013 03:12
Show Gist options
  • Save oreoshake/5298160 to your computer and use it in GitHub Desktop.
Save oreoshake/5298160 to your computer and use it in GitHub Desktop.
Download ZIP
Invalid CSP headers in the veracode report
Raw
gistfile1.txt
chrome
"default-src *;script-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl 'unsafe-inline' 'unsafe-eval' https://*.akamaihd.net http://*.akamaihd.net;style-src * 'unsafe-inline';connect-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.spotilocal.com:* https://*.akamaihd.net ws://*.facebook.com:* http://*.akamaihd.net;",
"default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline'; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline';"
firefox
"default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com https://completr.appspot.com; frame-src 'self' http://ad.adserver-pro.net; font-src 'none' ; connect-src 'none'; media-src 'self'; object-src 'none'; style-src 'self' ;",
"default-src https: data:; options eval-script inline-script; report-uri /gen_204?atyp=csp",
"allow 'self'; img-src *; media-src *; frame-src *; font-src *; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval';",
"default-src 'self' chrome-extension:; font-src 'self' https://d3s6mut3hikguw.cloudfront.net chrome-extension:; frame-ancestors 'self' chrome-extension:; frame-src https://checkout.stripe.com https://platform.twitter.com chrome-extension:; img-src 'self' https://ssl.google-analytics.com https://d3s6mut3hikguw.cloudfront.net https://secure.gravatar.com data: chrome-extension:; media-src 'self' chrome-extension:; object-src 'self' chrome-extension:; script-src 'self' https://checkout.stripe.com https://platform.twitter.com https://d3s6mut3hikguw.cloudfront.net https://ssl.google-analytics.com https://dnn506yrbagrg.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://beacon-1.newrelic.com chrome-extension:; style-src 'self' https://d3s6mut3hikguw.cloudfront.net chrome-extension:; xhr-src 'self' chrome-extension:; report-uri https://codeclimate.com/csp-reports;",
"default-src https: 'unsafe-eval' 'unsafe-inline'",
"default-src 'self' fruux.uservoice.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com widget.uservoice.com; img-src 'self' www.google-analytics.com ssl.google-analytics.com widget.uservoice.com secure.gravatar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src themes.googleusercontent.com",
"default-src 'self'; frame-src 'none'; https://www.watsonhall.com/resources/include/monitoring/csp.pl;",
"default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src *; font-src 'self' data:",
"default-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com *.google-analytics.com; style-src 'self' *.evocdn.co.uk *.rackcdn.com *.google-analytics.com; img-src 'self' *.evocdn.co.uk *.rackcdn.com *.evocdn.evo.com data: *.google-analytics.com https://c906980.ssl.cf3.rackcdn.com; frame-src 'self'; script-src 'self' eval-script inline-script *.evocdn.co.uk *.rackcdn.com *.google-analytics.com; options eval-script inline-script;"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment