$ cat ~/.config/mimeapps.list # open Archives with FileRoller and not extract them immediately, which is the new behaviour when clicking archives in...

Apply Test Driven Development (TDD) to the process of building container images by defining tests before writing code and automate...

We often do some HTTP requests to fetch the data we want to check for certain criteria. Testing this in...

When an nginx reverse proxy complains about upstreams sending too big headers, tweaking the buffers responsibly can help to prevent...

If you want to check the configuration of a running JVM process you can use jcmd. List the running processes...

There are cases where we have multiple exported resources that are identical. There are nodes that provide the same services...

Nginx is capable of forwarding a unix socket to UDP backend servers. This is quite handy for load balance syslog...

When terragrunt is relaying information to input variables it's happening via environment variables. Depending on the size of the...

How can I configure virtual IPs? There are two parameters to set up virtual IPs in Keepalived: virtual_ipaddress...

blog.cloudflare.com

What is netfilter's Connection Tracking system? The connection tracking system often referenced as nf_conntrack is part of the...

We have observed Lenovo laptops with nvidia graphics losing performance after they have been in use for a few minutes...

workaround.org

You will need to look here and find your own device. Look for the "bootable CD" download, which will give...

If you want to perform a failover on another haproxy backend server this is the way you should do it...

Install and configure the AWS Command Line Interface. Show existing certificates to test if the AWS CLI is working:

Best results in other decks

When you load a <script> with a nonce, that script can await import() additional sources from any hostname. The nonce is propagated automatically for the one purpose of importing more scripts.

This is not related to strict-dynamic, which propagates nonces for any purpose, not limited to imports (e.g. inserting <script> elements).

Example

We have a restrictive CSP that only allows nonces:

    Content-Security-Policy: default-src 'none'; script-src 'nonce-secret123'

Our HTML loads script.js using that nonce.

Our script.js imports other.js without a nonce:

    let other = await import('other.js')
    console.log("Look, script.js has imported %o", other)

The import succeeds without a nonce, due to implicit nonce propagation.

Why this is useful

In modern build pipelines, code splitting (chunking) is implemented using dynamic imports. Nonce propagation allows us to use automatic chunking with restrictive, nonce-based CSPs without using strict-dynamic.

E.g. esbuild automatically groups dynamically imported modules into chunks, and writes each chunk to disk. The compiled build has an await import('assets/chunk-NAXSMFJV.js'). There's no way to inject a nonce into that import(), but implicit nonce propagation still allows the request.

Should I worry about this?

It would require some truly strange code for user input to make it into an import() argument. I wouldn't lose sleep over this.

Is this a browser bug?

It is by design. Here are some sources:

- HTML Spec Section 8 (Web Application APIs) (search for "descendant script fetch options")
- Chromium test ensuring nonce propagation
- Firefox bug implementing nonce propagation
- CSP issue: Someone concerned about propagation being a vulnerability
- CSP issue: Proposal for import-src that went nowhere

Are other CSP sources also propagated?

No, only nonces. In particular, host-based CSPs do not propagate trust.

For example, we only allow scripts from our own host (no nonces):

    Content-Security-Policy: default-src 'none'; script-src 'self'

Our HTML loads script.js from our own host.

Our script.js imports other.js from a different host:

    let other = await import('https://other-host.com/other.js')

This fails with a CSP violation:

    Executing inline script violates the following Content Security Policy directive 'script-src 'self''
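
The two cases above, as a simplified model of the script-src check (an added example, not code from the original card or from any browser). The page origin https://app.example and the helper names scriptElement, dynamicImport and isScriptAllowed are assumptions; only 'none', 'self', nonce sources and exact-origin sources are modeled.

```javascript
// Simplified model of how a script request is checked against script-src.
// Assumption: only 'none', 'self', 'nonce-...' and exact origins are handled.
const PAGE = 'https://app.example'; // constructed page origin
const NONCE_POLICY = "default-src 'none'; script-src 'nonce-secret123'";
const SELF_POLICY = "default-src 'none'; script-src 'self'";

function scriptSources(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name) directives.set(name.toLowerCase(), values);
  }
  // script-src falls back to default-src when it is absent
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

// A <script src> element: the request carries the element's nonce (may be empty).
function scriptElement(pageOrigin, src, nonce = '') {
  return { url: new URL(src, pageOrigin).href, nonce };
}

// import() inside a script: the descendant fetch inherits the parent's nonce.
function dynamicImport(parentRequest, specifier) {
  return { url: new URL(specifier, parentRequest.url).href, nonce: parentRequest.nonce };
}

function isScriptAllowed(policy, request, pageOrigin) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // no directive governs scripts
  const origin = new URL(request.url).origin;
  return sources.some((source) => {
    if (source === "'none'") return false;
    if (source.startsWith("'nonce-")) {
      return request.nonce !== '' && source === `'nonce-${request.nonce}'`;
    }
    if (source === "'self'") return origin === pageOrigin;
    if (source.startsWith("'")) return false; // other keywords are not modeled
    return origin === source; // host source: the nonce plays no role here
  });
}

const entry = scriptElement(PAGE, '/script.js', 'secret123');
const chunk = dynamicImport(entry, 'https://other-host.com/other.js');
console.log('nonce policy, cross-host import:', isScriptAllowed(NONCE_POLICY, chunk, PAGE));
console.log('self policy, cross-host import:', isScriptAllowed(SELF_POLICY, chunk, PAGE));
```
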

Below is a strict, but still workable Content Security Policy for your Ruby on Rails project. Use this CSP if...
