
Edit History

pixelicous

This is a very important topic. Working on my CSP now, I stumble upon many problems with PrestaShop.

It is currently very hard to implement a Content Security Policy.

Too much inline styling, even out of the box.

The default PS Google modules do not allow implementation of a server nonce out of the box (some official docs from Google here).

After reading this here I still think there is much to be done in terms of security. Security should be a requirement; many modules and themes are probably breaking PrestaShop's security. And even outside the scope of third-party modules, some default PrestaShop modules still trigger CSP warning reports due to inline JavaScript, like the Google Analytics code and the cart module.

pixelicous

This is a very important topic. Working on my CSP now, I stumble upon many problems with PrestaShop.

It is currently very hard to implement a Content Security Policy.

Too much inline styling, even out of the box.

The default PS Google modules do not allow implementation of a server nonce out of the box (some official docs from Google here).

After reading this here I still think there is much to be done in terms of security. Security should be a requirement; many modules and themes are probably breaking PrestaShop's security.

pixelicous

This is a very important topic. Working on my CSP now, I stumble upon many problems with PrestaShop.

It is currently very hard to implement a Content Security Policy.

Too much inline styling, even out of the box.

The default PS Google modules do not allow implementation of a server nonce out of the box (some official docs from Google here).

I'm bringing this up as this is a very important security feature. During the PrestaShop eCommerce Week I heard that PrestaShop is secured and working on security etc. etc.; that's so far from true in my opinion. I think PrestaShop should have a tight policy regarding security-related items: if a module doesn't work to a specific standard it shouldn't be enabled or published to the store.

This will immediately turn PrestaShop into a more secure project; people will stop developing very bad modules with very bad practices that put shops at risk.

pixelicous

This is a very important topic. Working on my CSP now, I stumble upon many problems with PrestaShop.

It is currently very hard to implement a Content Security Policy.

Too much inline styling, even out of the box.

The default Google modules do not generate a nonce (some official docs from Google here).

I'm bringing this up as this is a very important security feature. During the PrestaShop eCommerce Week I heard that PrestaShop is secured and working on security etc. etc.; that's so far from true in my opinion. I think PrestaShop should have a tight policy regarding security-related items: if a module doesn't work to a specific standard it shouldn't be enabled or published to the store.

This will immediately turn PrestaShop into a more secure project; people will stop developing very bad modules with very bad practices that put shops at risk.
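The two things the revisions above keep coming back to are a per-response nonce that the server must generate and stamp onto inline scripts, and the inline styling and analytics snippets that trigger CSP reports because they carry no such nonce. Below is an added Python example, not code from this post, from PrestaShop or from any Google module, that builds a nonce-based policy and then audits an HTML page for every inline construct that policy would block. The policy string, the `/csp-report` endpoint and the sample page are assumptions constructed for the example; a real shop would also need host allowlists for whatever analytics vendor it loads.

```python
import secrets
from html.parser import HTMLParser


def make_nonce(nbytes: int = 16) -> str:
    """Fresh per-response nonce: 128 random bits, base64url-encoded.
    CSP's base64-value grammar accepts '-' and '_', so token_urlsafe is valid."""
    return secrets.token_urlsafe(nbytes)


def build_csp(nonce: str) -> str:
    """Nonce-based policy: inline <script>/<style> run only if they carry
    nonce="<this value>". The report-uri endpoint is a hypothetical path
    where the shop would collect violation reports (assumption)."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        f"style-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; "
        "report-uri /csp-report"
    )


class _InlineAuditor(HTMLParser):
    """Collects (line, directive, reason) for each inline construct that the
    policy from build_csp() would refuse to run."""

    # Data blocks are never executed, so script-src does not apply to them.
    DATA_TYPES = ("application/ld+json", "application/json")

    def __init__(self, nonce: str) -> None:
        super().__init__()
        self.nonce = nonce
        self.findings: list[tuple[int, str, str]] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        line, _ = self.getpos()  # line of the '<' that opens this tag
        if tag == "script" and "src" not in a:
            if (a.get("type") or "").lower() not in self.DATA_TYPES:
                if a.get("nonce") != self.nonce:
                    self.findings.append(
                        (line, "script-src", "inline <script> without the response nonce"))
        elif tag == "style" and a.get("nonce") != self.nonce:
            self.findings.append(
                (line, "style-src", "inline <style> without the response nonce"))
        if "style" in a:
            # Nonces only cover elements: a style="" attribute needs
            # 'unsafe-hashes' plus a hash, or a move into a stylesheet.
            self.findings.append(
                (line, "style-src", f"style attribute on <{tag}> (not nonce-able)"))
        for name in a:
            if name.startswith("on") and len(name) > 2:
                # Inline event handlers are blocked even when a nonce is in use.
                self.findings.append(
                    (line, "script-src", f"{name}= handler on <{tag}> (not nonce-able)"))


def audit_inline(html: str, nonce: str) -> list[tuple[int, str, str]]:
    """Return every inline construct in `html` that the nonce policy would block."""
    parser = _InlineAuditor(nonce)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page, not taken from any PrestaShop theme or module.
SAMPLE_NONCE = make_nonce()
SAMPLE_HTML = f"""<!doctype html>
<html><head>
<script nonce="{SAMPLE_NONCE}">window.dataLayer = window.dataLayer || [];</script>
<script>
  /* analytics snippet pasted by a module with no nonce: blocked */
  (function(){{ window.ga = window.ga || function(){{}}; }})();
</script>
<style nonce="{SAMPLE_NONCE}">.cart {{ color: red; }}</style>
<style>.promo {{ color: blue; }}</style>
<script type="application/ld+json">{{"@type": "Product"}}</script>
</head><body>
<div class="cart" style="display:none">Cart</div>
<a href="#" onclick="openCart()">Open</a>
</body></html>
"""

if __name__ == "__main__":
    print("Content-Security-Policy:", build_csp(SAMPLE_NONCE))
    for line, directive, reason in audit_inline(SAMPLE_HTML, SAMPLE_NONCE):
        print(f"line {line}: {directive}: {reason}")
```

Running the audit against a rendered shop page (with the nonce the server put in that response) lists exactly the places a theme or module would need to change before the policy can leave report-only mode: the nonced script and style pass, the un-nonced analytics snippet and `<style>` block are flagged, and the `style=` attribute and `onclick=` handler are flagged separately because a nonce cannot cover them at all.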
