Http content security policy: Difference between revisions
From wikinotes
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the [[http header]] <code>Content-Security-Policy</code><br> | The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the [[http headers|header]] <code>Content-Security-Policy</code><br> | ||
It controls what resources a client is allowed to load from (ex: javascript, css, ...). | It controls what resources a client is allowed to load from (ex: javascript, css, ...). | ||
Revision as of 15:08, 18 September 2021
The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the header Content-Security-Policy
It controls what resources a client is allowed to load from (ex: javascript, css, ...).
Documentation
MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy