ttaubermarshall-stripe opened a new issue #20934: URL: https://github.com/apache/airflow/issues/20934
### Description

CSP (Content Security Policy) is a layer of security that can be applied to web applications to mitigate certain types of attacks, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Currently, it is difficult to apply a strict CSP to the Airflow web UI due to the use of certain HTML constructs that are considered unsafe, such as inline scripts and styles and style attributes. Rewriting the Airflow HTML templates to remove these constructs would allow for stricter policies to be applied.

### Use case/motivation

Applying strict CSPs creates confidence that the web application is not vulnerable to certain types of attacks such as XSS, which is useful for security-conscious users and for passing security audits.

### Related issues

_No response_

### Are you willing to submit a PR?

- [ ] Yes I am willing to submit a PR!

### Code of Conduct

- [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
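An added example, not part of the original issue and not Airflow's own code: a small audit that reports where an HTML template uses the constructs named above (inline scripts, inline styles, style attributes) and which CSP directive each one would keep at `'unsafe-inline'`. It also flags inline event-handler attributes, which goes beyond the issue's list; the sample template and the names `InlineAudit` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample template, not taken from the Airflow code base.
SAMPLE = """<script src="/static/app.js"></script>
<script>var csrf = "{{ csrf_token() }}";</script>
<style>.dag { color: red; }</style>
<div style="display: none" id="alert"></div>
<a href="#" onclick="refresh()">Refresh</a>
"""


class InlineAudit(HTMLParser):
    """Collects (line, directive, construct) for markup a strict CSP blocks."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._open = None  # (tag, line) of a <script>/<style> awaiting a body

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag == "style" or (tag == "script" and "src" not in dict(attrs)):
            self._open = (tag, line)
        for name, _ in attrs:
            if name == "style":
                self.findings.append((line, "style-src", f"style attribute on <{tag}>"))
            elif name.startswith("on"):  # onclick, onload, ... (prefix heuristic)
                self.findings.append((line, "script-src", f"{name} handler on <{tag}>"))

    def handle_data(self, data):
        if self._open and data.strip():  # element has a non-empty inline body
            tag, line = self._open
            self.findings.append((line, f"{tag}-src", f"inline <{tag}> body"))
            self._open = None

    def handle_endtag(self, tag):
        if self._open and self._open[0] == tag:
            self._open = None  # element closed without an inline body


def audit(html):
    """Return findings sorted by line number."""
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result for every template means both `script-src` and `style-src` can drop `'unsafe-inline'`; markup generated by JavaScript at runtime is outside what this static check sees.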
