Bug 379399

Summary: kde.org gets a B in observatory.mozilla.org
Product: www.kde.org Reporter: Albert Astals Cid <aacid>
Component: general Assignee: kde-www mailing-list <kde-www>
Severity: normal CC: jan, mundolibre, nate, schwancarl
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:

Description Albert Astals Cid 2017-05-01 10:36:27 UTC
I guess it'd be nice to get a better grade.

Comment 1 carl 2020-07-13 18:38:02 UTC
We now get B+, it is progress but still not good. The biggest reason we get a bad grade is because we don't have a Content Security Policy enabled.

I just added a basic one: default-src https: 'unsafe-inline' but to improve it more we will need to hunt for all the instances of inline js, for example onclick="js code", and inline style, for example style="width: 800px". There are tons of them in the generated changelogs for example :(
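
One way to do the hunt described in Comment 1, as an added example (not code from this bug report or from KDE): a Python standard-library scan that lists the inline event handlers, style attributes and inline script/style blocks that a policy without 'unsafe-inline' would block. SAMPLE is constructed input, and the names InlineAudit, audit and summary are hypothetical.

```python
from collections import Counter
from html.parser import HTMLParser

# Which CSP directive still needs 'unsafe-inline' for each kind of finding.
DIRECTIVE = {"event-handler": "script-src", "inline-script": "script-src",
             "style-attribute": "style-src", "inline-style": "style-src"}

class InlineAudit(HTMLParser):
    """Collect markup that a policy without 'unsafe-inline' would block."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (line, kind, detail)
        self._open = None    # (tag, line) of a <script>/<style> body being read

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, _ in attrs:
            if name.startswith("on"):   # onclick, onload, ... (prefix heuristic)
                self.findings.append((line, "event-handler", f"<{tag} {name}>"))
            elif name == "style":
                self.findings.append((line, "style-attribute", f"<{tag}>"))
        if tag == "style" or (tag == "script" and "src" not in dict(attrs)):
            self._open = (tag, line)

    def handle_data(self, data):
        if self._open and data.strip():   # non-empty inline block
            tag, line = self._open
            self.findings.append((line, f"inline-{tag}", f"<{tag}> block"))
            self._open = None

    def handle_endtag(self, tag):
        if self._open and tag == self._open[0]:
            self._open = None

def audit(html):
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)

def summary(findings):
    return Counter(DIRECTIVE[kind] for _, kind, _ in findings)

# Constructed sample page, not taken from kde.org.
SAMPLE = """<script src="/js/app.js"></script>
<style>h1 { color: #333 }</style>
<a href="#" onclick="toggle('log')">Show changelog</a>
<div style="width: 800px"><script>toggle('log');</script></div>"""
```

A directive with a zero count in summary() can drop 'unsafe-inline' for the scanned pages; each remaining finding points at the line to move into an external file or event listener.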

Comment 2 David Marzal 2021-12-07 22:42:32 UTC
Now it is a bare B.

The URL to the scan has changed:

Comment 3 Nate Graham 2021-12-11 16:34:21 UTC
I notice that mozilla.org itself only gets a B+!

Comment 4 Albert Astals Cid 2021-12-11 16:37:59 UTC
As reporter of the original bug, I think "B" is an acceptable result (compared to the D+ we got before) and I'd be fine if we decided to close this as fixed.

Comment 5 Nate Graham 2021-12-11 17:02:43 UTC
FWIW google.com gets a C- and wikipedia.org gets a D+! Since the criteria here seem very strict, B is probably fine, yeah.