I'm currently trying to implement a Content Security Policy (CSP) on our project site.
TL;DR: a CSP allows you to tell a browser where it is supposed to find resources like scripts and styles, and pin this down to a number of (preferably few) known locations.
In particular, you try to avoid using inline scripts and styles, because those can likely be influenced by people without privileged access to your site (e.g. embedded in user comments).
OpenHub widgets use inline styles - if those could be moved to a style sheet file, using the widgets with a CSP would become easier and. It might even make OpenHub more efficient, because this style is likely the same for all widgets of some kinds.
See https://observatory.mozilla.org/analyze.html?host=openhub.net for links to various ways to improve OpenHub in regard to security; CSP is among them.
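
Added example, not part of the original post and not OpenHub code: a small Node.js audit that parses a CSP header value and lists the inline `style` attributes and `<style>` elements in a widget fragment that the policy would block. The policy string, the widget markup and all function names are constructed for illustration, and the regex scan is a heuristic rather than a full HTML parser.

```javascript
// Constructed sample policy and widget markup (not real OpenHub output).
const STRICT_POLICY = "default-src 'self'; style-src 'self' https://www.openhub.net";
const WIDGET_HTML = `
<div class="oh-widget" style="width:350px;border:1px solid #ccc">
  <style>.oh-widget a { color: #4a90d9; }</style>
  <a href="https://www.openhub.net/p/example" style="font-weight:bold">Example project</a>
  <span data-style="ignored">stats</span>
</div>`;

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Duplicate directives are ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// True if every inline style of this kind is allowed. Fallback chain:
// style-src-attr / style-src-elem -> style-src -> default-src.
function allowsAllInline(directives, specific) {
  const list = directives.get(specific) ?? directives.get('style-src') ?? directives.get('default-src');
  if (list === undefined) return true; // no governing directive: unrestricted
  const src = list.map((s) => s.toLowerCase());
  // A nonce or hash in the list makes browsers ignore 'unsafe-inline'.
  if (src.some((s) => /^'(nonce|sha(256|384|512))-/.test(s))) return false;
  return src.includes("'unsafe-inline'");
}

// List inline styles in `html` that `policy` does not blanket-allow.
// Nonce- or hash-matched <style> elements are not evaluated individually.
function findBlockedInlineStyles(html, policy) {
  const directives = parseCsp(policy);
  const findings = [];
  if (!allowsAllInline(directives, 'style-src-attr')) {
    for (const m of html.matchAll(/<([a-z][a-z0-9]*)\b[^>]*\sstyle\s*=\s*("[^"]*"|'[^']*')/gi))
      findings.push({ kind: 'style-attribute', tag: m[1].toLowerCase(), value: m[2].slice(1, -1) });
  }
  if (!allowsAllInline(directives, 'style-src-elem')) {
    for (const m of html.matchAll(/<style\b[^>]*>([\s\S]*?)<\/style>/gi))
      findings.push({ kind: 'style-element', tag: 'style', value: m[1].trim() });
  }
  return findings;
}

console.log(findBlockedInlineStyles(WIDGET_HTML, STRICT_POLICY));
```

Each finding is a rule that would have to move into an external style sheet served from an origin listed in `style-src` before the fragment renders as intended under the strict policy.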