Http content security policy: Difference between revisions
From wikinotes
No edit summary |
No edit summary |
||
Line 10: | Line 10: | ||
|} | |} | ||
</blockquote><!-- Documentation --> | </blockquote><!-- Documentation --> | ||
= Examples = | |||
<blockquote> | |||
<syntaxhighlight lang="bash"> | |||
Content-Security-Policy: connect-src http://example.com/; | |||
script-src http://example.com/; | |||
font-src http://example.com/ | |||
</syntaxhighlight> | |||
</blockquote><!-- Examples --> |
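Review bot: the `<syntaxhighlight lang="bash">` tag on the added Examples block marks an HTTP response header as shell code; a text or HTTP lexer would highlight it correctly. The example policy also sets only connect-src, script-src and font-src with no default-src, so every other resource type (images, styles, frames) stays unrestricted, and all three sources are written with http:// rather than https://. Either add a default-src line or a sentence saying the example is deliberately minimal, so readers do not copy it as a complete policy.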
Revision as of 15:12, 18 September 2021
The Content-Security-Policy (CSP) is configured by the server, which sends it in the Content-Security-Policy header of its HTTP responses.
It controls which sources a client is allowed to load resources from (e.g. JavaScript, CSS, ...).
Documentation
MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Examples
Content-Security-Policy: connect-src http://example.com/; script-src http://example.com/; font-src http://example.com/
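An added example (not part of the original note): a minimal Python evaluator for the policy above, showing which loads it permits and what the missing default-src means. It handles only scheme://host[/path] sources like the ones in this policy (no wildcards or keywords such as 'self'); the function names and test URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# The policy value from the Examples section above.
PAGE_POLICY = ("connect-src http://example.com/; "
               "script-src http://example.com/; "
               "font-src http://example.com/")


def parse_csp(header_value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        # A repeated directive is ignored: the first occurrence wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def source_matches(source, url):
    """Match one scheme://host[:port][/path] source against a URL (simplified)."""
    src, target = urlsplit(source), urlsplit(url)
    # CSP Level 3 lets an http: source also match the https: form of the URL.
    if target.scheme != src.scheme and (src.scheme, target.scheme) != ("http", "https"):
        return False
    if (src.hostname or "") != (target.hostname or ""):
        return False  # exact host only: subdomains are not covered
    # A source without a port only matches the default port of the URL's scheme.
    if (target.port or DEFAULT_PORTS.get(target.scheme)) != \
            (src.port or DEFAULT_PORTS.get(target.scheme)):
        return False
    s_path, t_path = src.path, target.path or "/"
    if not s_path or s_path.endswith("/"):
        return t_path.startswith(s_path)  # trailing slash means prefix match
    return t_path == s_path


def is_allowed(policy, directive, url):
    """Decide a load for a fetch directive, falling back to default-src."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True  # no governing directive: CSP places no restriction
    return any(source_matches(s, url) for s in sources)
```

With the page's policy, an image from any host is still allowed because neither img-src nor default-src is set; prepending a default-src directive closes that gap.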