This repository was archived by the owner on Nov 4, 2024. It is now read-only.
This repository was archived by the owner on Nov 4, 2024. It is now read-only.
Blank http-equiv causes CSP test to fail with 'csp-header-invalid' #492
Description
My site is currently returning the following CSP headers:
content-security-policy: default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'
However, the framework used to generate my site adds the following meta tag to the HTML header:
<meta http-equiv="content-security-policy" content="">In this situation, equiv_csp_header ends up being a blank string and causes a CSP parsing error because the string is too short.
I plan on fixing the http-equiv for my site, but the observatory code should probably check if equiv_csp_header is a blank line before attempting to parse it.