Posts

Showing posts from September, 2024

What is "vacceedpasian.com"?

Image
Last month, I noticed a bunch of CSP enforcement block actions against https://vacceedpasian.com/conversion.js, and I'm curious if anyone knows what this is.  CSP stands for "Content Security Policy" and is a mechanism by which web sites can help detect and protect themselves against certain kinds of attacks such as cross-site scripting (XSS). We implement it at Epic Road Trip Planner , and use a trusted third-party service called Report URI to monitor detection and enforcement of attempted violations of our CSP policy.  You can think of CSP a bit like my spry overgrown puppy of a grand-dog below. Even though he has no clue what his big beautiful brindled beast of a sister even wants over there, he's definitely going to pounce on her to stop her (enforce the CSP), and bark to let me know (send an enforcement report to Report URI).  (I know that's a bit of a tortured analogy, but I sure do love these dogs, and I wanted you to see them.) In addition to well-known a...