dbt-labs/dbt-docs

Add Content-Security-Policy (CSP) to the DBT docs website

sfc-gh-kumaurya opened this issue · 3 comments

Describe the feature

Adding the Content Security Policy will improve the security of the website. We need this policy to be embedded inside the website.

Describe alternatives you've considered

Right now we are hosting this website using S3 Bucket and CloudFront. We tried adding the CSP inside the CloudFront but we are facing some challenges w.r.t. style-src and image-src.

  1. style-src: We were generating the base64-encoded sha256 hashes of the styles to use inside the CSP, but the problem is that there are so many styles distributed throughout the index.html file, and this many base64 hashes won't be allowed inside the CSP.
  2. image-src: There are two images I can see: one is a hyperlink and the other one is an SVG. I was not able to figure out how to allow them in the CSP.

Please let me know any solution you have for them; it would be better if the CSP were included in the index.html file as a meta tag.

Who will this benefit?

Everyone who is using the DBT docs website.

Are you interested in contributing this feature?

Yes, please let me know the solution for style-src and image-src, i.e. how we can add them to the CSP.
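As an added illustration of the hash-based style-src approach described in the issue (example code, not part of dbt-docs or this thread), the script below extracts inline `<style>` blocks from a constructed sample HTML page, computes the CSP `'sha256-…'` tokens over their exact contents, and assembles a policy in both header and `<meta>` form. It assumes same-origin hosting for scripts and images and allows `data:` URIs for inline SVG; `style=""` attributes are not covered by element hashes and are deliberately left out.

```python
import base64
import hashlib
import re
from typing import List

# Constructed sample standing in for index.html (not the real dbt docs page).
SAMPLE_HTML = """<!doctype html>
<html><head>
<style>body { margin: 0; }</style>
<style type="text/css">.nav { color: #333; }</style>
<style>body { margin: 0; }</style>
</head><body><img src="logo.svg" alt=""></body></html>"""

# Non-greedy match of each <style> element; CSP hashes the text between the tags.
STYLE_RE = re.compile(r"<style\b[^>]*>(.*?)</style>", re.DOTALL | re.IGNORECASE)


def csp_hash(source: str, algo: str = "sha256") -> str:
    """Return the CSP hash-source token for one inline block.

    The digest is taken over the exact bytes between the tags; any
    whitespace change in the HTML invalidates the token.
    """
    digest = hashlib.new(algo, source.encode("utf-8")).digest()
    return f"'{algo}-{base64.b64encode(digest).decode('ascii')}'"


def inline_style_hashes(html: str) -> List[str]:
    """One token per distinct <style> element, in document order."""
    tokens: List[str] = []
    for match in STYLE_RE.finditer(html):
        token = csp_hash(match.group(1))
        if token not in tokens:  # identical blocks share one hash
            tokens.append(token)
    return tokens


def build_policy(html: str) -> str:
    """Assemble a policy: same-origin everything, hashed <style> elements, data: images."""
    style_src = " ".join(["'self'"] + inline_style_hashes(html))
    directives = [
        "default-src 'self'",
        "script-src 'self'",
        f"style-src {style_src}",
        "img-src 'self' data:",  # data: covers inline/embedded SVG
        "object-src 'none'",
        "base-uri 'self'",
    ]
    return "; ".join(directives)


def as_meta_tag(policy: str) -> str:
    """Render the <meta> form the issue asks for (the HTTP header form is preferable)."""
    return f'<meta http-equiv="Content-Security-Policy" content="{policy}">'
```

Running `build_policy(SAMPLE_HTML)` yields two hash tokens for three `<style>` elements because the duplicate block hashes identically; with a real index.html the output length grows with the number of distinct blocks, which is the scaling problem the issue describes.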

Thanks for reaching out @sfc-gh-kumaurya !

I don't know how to add the policies that you mentioned to the dbt docs website, but I'd be happy to review a PR if you or someone else is able to figure it out.

This issue has been marked as Stale because it has been open for 180 days with no activity. If you would like the issue to remain open, please comment on the issue or else it will be closed in 7 days.

Although we are closing this issue as stale, it's not gone forever. Issues can be reopened if there is renewed community interest. Just add a comment to notify the maintainers.