Why doesn't the new-relic-admin support nonced CSP?
allen-munsch opened this issue · 15 comments
Seems weird that the default would be "'unsafe-inline'"?
-
newrelic-python-agent/newrelic/api/web_transaction.py
Lines 42 to 44 in ad65494
Any suggestions?
-
https://discuss.newrelic.com/t/content-security-policy-and-browser-injection/2629
-
newrelic-python-agent/newrelic/api/web_transaction.py
Lines 402 to 403 in ad65494
Similar:
As linked above, this has been implemented in the Ruby agent so would appear to be fairly trivial to implement for the Python agent as well. As far as I've seen, the reasoning for not doing this so far hinges on an assumption that it would involve breaking compatibility with outdated browsers, although that's not necessarily true or even important to many people, as expressed by many over 6 years in this thread.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
It's not stale?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This should not be marked as stale as it is a security focused feature request
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
+1
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
+1