rob
December 18, 2022, 1:53am
13
Third-party security audits show that the dashboard is unsafe too. This might be related to the issue I just created about the dashboard’s ContentSecurityPolicy (CSP) here:
We added a ContentSecurityPolicy (CSP) to our Node.js server as middleware to increase our security, but the Parse Dashboard appears to have inline script/styling which goes against CSP (see attached screenshot from a vendor).
This forces us to choose between accessing our dashboard without a secure policy in place and failing 3rd-party security checks, or securing our dashboard without being able to view it on the screen because it’s blocked by the browser content security policy.
Here are the…
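One way to narrow the trade-off described in the post above, as an added example that is not part of the original post or of Parse Dashboard: a path-scoped CSP middleware that keeps the strict policy everywhere and permits inline script/style only under the dashboard's mount path. The mount path `/dashboard`, the directive values and all function names are assumptions made for illustration.

```javascript
// Added example. DASHBOARD_MOUNT and all directive values are assumptions.
const DASHBOARD_MOUNT = '/dashboard';

const STRICT = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],
  'style-src': ["'self'"],
  'object-src': ["'none'"],
  'base-uri': ["'self'"],
  'frame-ancestors': ["'none'"],
};

// Relaxed only for the two things the post reports as blocked:
// inline script and inline styling. Everything else stays strict.
const DASHBOARD = {
  ...STRICT,
  'script-src': ["'self'", "'unsafe-inline'"],
  'style-src': ["'self'", "'unsafe-inline'"],
};

const serialize = (policy) =>
  Object.entries(policy).map(([name, values]) => `${name} ${values.join(' ')}`).join('; ');

// Match on a path-segment boundary so "/dashboard-x" is not treated as the dashboard.
const isUnder = (mount, path) => path === mount || path.startsWith(mount + '/');

function cspHeaders(url) {
  const path = String(url).split('?')[0];
  if (!isUnder(DASHBOARD_MOUNT, path)) {
    return { 'Content-Security-Policy': serialize(STRICT) };
  }
  return {
    'Content-Security-Policy': serialize(DASHBOARD),
    // Strict policy in report-only mode: nothing is blocked, but the browser
    // logs each violation, giving an inventory of the inline code still in use.
    'Content-Security-Policy-Report-Only': serialize(STRICT),
  };
}

// Express-style middleware; register it before the dashboard is mounted.
function pathScopedCsp(req, res, next) {
  for (const [name, value] of Object.entries(cspHeaders(req.url))) {
    res.setHeader(name, value);
  }
  next();
}
```

Paths that do not match the mount exactly, including different casing, fall back to the strict policy, so a mismatch fails closed.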