You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi @sbe-arg, thank you for opening this feature request. Did you activated the CORS in the settings by any chance ?
I'll have a look for an hardened CSP on error pages.
I added the CSP header for the error pages, thank you again for this feature idea.
For the CORS, this is very weird if you have the default values it shouldn't accept the requests, i'll have a look into it and let you know !
PS: I just tried it on one of our website and the CORS test passes on the Observatory 🤔
What's needed and why?
When you have a website that shows the 401 page intentionally at root /
Mozilla observatory reports the domain as D
Implementations ideas (optional)
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: