A simple site to assist in fine-tuning the CSP rules required for Disqus.
One of the scripts loaded by Disqus calls eval, which the script-src CSP directive blocks because I did NOT allow 'unsafe-eval'; therefore Disqus may not work as intended.
The current CSP rules enforced are:
default-src 'none';
script-src 'self' disqus.com disqus-csp.disqus.com c.disquscdn.com;
style-src 'self' c.disquscdn.com;
img-src 'self' referrer.disqus.com c.disquscdn.com;
connect-src links.services.disqus.com;
child-src disqus.com;
frame-src disqus.com;
upgrade-insecure-requests;
block-all-mixed-content;
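To see concretely what this policy permits and why the eval call fails, the following added example (written for this page, not code from the disqus-csp site) parses a CSP header value into directives and answers questions such as "may scripts use eval?" and "which directive governs a frame or a font?", including the fallback to child-src and default-src that browsers apply when a directive is absent. The POLICY string is the policy above joined into a single header value; the FALLBACK table and the simplified host matching (no scheme or port checks) are this example's own assumptions.

```python
"""Check what a Content-Security-Policy header value permits.

Added illustration for this page (not part of the disqus-csp site): parses a
CSP string into directives and evaluates eval permission and host allow-lists,
walking the fallback chain for directives that are not set explicitly.
"""

# Constructed input: the policy listed on the page, joined into one header value.
POLICY = (
    "default-src 'none'; "
    "script-src 'self' disqus.com disqus-csp.disqus.com c.disquscdn.com; "
    "style-src 'self' c.disquscdn.com; "
    "img-src 'self' referrer.disqus.com c.disquscdn.com; "
    "connect-src links.services.disqus.com; "
    "child-src disqus.com; "
    "frame-src disqus.com; "
    "upgrade-insecure-requests; "
    "block-all-mixed-content"
)

# Assumed fallback chain (a subset of CSP3): a missing directive inherits from
# the one listed here, so a missing font-src inherits default-src 'none'.
FALLBACK = {
    "script-src": "default-src",
    "style-src": "default-src",
    "img-src": "default-src",
    "connect-src": "default-src",
    "child-src": "default-src",
    "font-src": "default-src",
    "media-src": "default-src",
    "frame-src": "child-src",
    "worker-src": "child-src",
}


def parse_csp(policy):
    """Split a CSP header value into {directive-name: [source expressions]}."""
    directives = {}
    for raw in policy.split(";"):
        tokens = raw.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        # First occurrence wins: browsers ignore a repeated directive.
        directives.setdefault(name, tokens[1:])
    return directives


def effective_sources(directives, name):
    """Return (governing directive, its sources), walking the fallback chain."""
    while name not in directives:
        if name not in FALLBACK:
            return None, None  # nothing applies, so the load is unrestricted
        name = FALLBACK[name]
    return name, directives[name]


def allows_eval(directives):
    """True only if the directive governing scripts lists 'unsafe-eval'."""
    _, sources = effective_sources(directives, "script-src")
    return sources is not None and "'unsafe-eval'" in sources


def host_allowed(directives, name, host, same_origin=False):
    """Check whether a host may be loaded under the given directive.

    Handles 'none', 'self', exact hosts and leading-wildcard hosts
    (*.example.com); scheme and port matching are left out on purpose.
    """
    _, sources = effective_sources(directives, name)
    if sources is None:
        return True
    if sources == ["'none'"]:
        return False
    for src in sources:
        if src == "'self'" and same_origin:
            return True
        if src.startswith("*.") and host.lower().endswith(src[1:].lower()):
            return True
        if src.lower() == host.lower():
            return True
    return False


if __name__ == "__main__":
    csp = parse_csp(POLICY)
    print("eval permitted:", allows_eval(csp))                        # False
    print("frames governed by:", effective_sources(csp, "frame-src")[0])   # frame-src
    print("workers governed by:", effective_sources(csp, "worker-src")[0]) # child-src
    print("font from c.disquscdn.com:", host_allowed(csp, "font-src", "c.disquscdn.com"))  # False
```

Run as-is against the page's policy, allows_eval returns False, which is exactly the condition under which the Disqus script's eval call is refused; adding 'unsafe-eval' to script-src would flip it to True at the cost of permitting string-to-code evaluation for every allowed script origin. The font-src check shows the other side of a strict default-src 'none': any resource type not listed explicitly is blocked, so a new Disqus dependency (fonts, media) needs its own directive rather than relying on an implicit allow.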
Full source code for the website is on GitHub at: https://github.com/TheYorkshireDev/disqus-csp
You can find me on Twitter @TheYorkshireDev