Http content security policy: Difference between revisions
From wikinotes
No edit summary
m (Will moved page Http csp to Http content security policy)
(2 intermediate revisions by the same user not shown)
Line 1: | Line 1: | ||
The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the [[http headers|header]] <code>Content-Security-Policy</code><br> | The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the [[http headers|header]] <code>Content-Security-Policy</code><br> | ||
It controls what resources a client is allowed to load from (ex: javascript, css, ...). | It controls what resources a client is allowed to load from (ex: javascript, css, ...). | ||
Entry values are space-separated, and new keys are separated by <code>;</code>s. | |||
= Documentation = | = Documentation = | ||
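Review bot: the sentence added at new line 3 ("Entry values are space-separated, and new keys are separated by ;s") calls the parts of the header "keys" and "entry values", while the example added later in this revision shows them as directive names (connect-src, script-src, font-src) followed by sources. Suggest wording it as "directives are separated by ; and the sources within a directive by spaces" so that the text and the example use the same terms.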
Line 10: | Line 12: | ||
|} | |} | ||
</blockquote><!-- Documentation --> | </blockquote><!-- Documentation --> | ||
= Examples = | |||
<blockquote> | |||
<syntaxhighlight lang="bash"> | |||
Content-Security-Policy: connect-src http://example.com/; | |||
script-src http://example.com/; | |||
font-src http://example.com/ | |||
</syntaxhighlight> | |||
</blockquote><!-- Examples --> |
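Review bot: the new Examples block is tagged <syntaxhighlight lang="bash"> although its content is an HTTP response header, and the header is wrapped over three lines, which a reader may copy as three separate lines. Suggest lang="text" and a remark that the value is sent as a single line. Every source in the example is http://example.com/, so the policy it models permits loads over cleartext HTTP; https:// sources would be a better pattern to show.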
Latest revision as of 15:15, 18 September 2021
The Content-Security-Policy (CSP) is configured by the server in HTTP responses, in the Content-Security-Policy header.
It controls which sources a client is allowed to load resources from (e.g. JavaScript, CSS, ...).
Entry values are space-separated, and new keys are separated by ;s.
Documentation
MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Examples
Content-Security-Policy: connect-src http://example.com/; script-src http://example.com/; font-src http://example.com/
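The parser below applies the syntax described above (keys split on ;, values split on spaces) to the example header and reports source entries a reviewer would question. It is an added example, not part of the original wiki page; the names parse_csp, audit and RISKY_SOURCES, the review list and the second sample header are assumptions made for illustration.

```python
"""Parse a Content-Security-Policy header value and flag weak source entries."""

# Source expressions commonly treated as weakening a policy (assumed review list).
RISKY_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:"}


def parse_csp(value):
    """Return {directive: [values]}; directives split on ';', values on whitespace.

    Directive names are case-insensitive, and a repeated directive is ignored
    (the first one wins), which is how browsers treat duplicates.
    """
    policy = {}
    for token in value.split(";"):
        parts = token.split()
        if not parts:            # empty segment, e.g. after a trailing ';'
            continue
        name = parts[0].lower()
        if name in policy:       # duplicate directive: keep the first
            continue
        policy[name] = parts[1:]
    return policy


def audit(policy):
    """Return sorted (directive, source, reason) findings for a parsed policy."""
    findings = []
    for name, sources in policy.items():
        for src in sources:
            low = src.lower()
            if low in RISKY_SOURCES:
                findings.append((name, src, "broad or unsafe source"))
            elif low.startswith("http://"):
                findings.append((name, src, "allows cleartext http"))
    if "default-src" not in policy:  # fetch directives fall back to default-src
        findings.append(("default-src", "", "no fallback directive"))
    return sorted(findings)


# The header value from the Examples section, plus a constructed variant.
PAGE_EXAMPLE = ("connect-src http://example.com/; script-src http://example.com/; "
                "font-src http://example.com/")
CONSTRUCTED = "Script-Src 'self' 'unsafe-inline'; script-src *; default-src 'none';"

if __name__ == "__main__":
    for header in (PAGE_EXAMPLE, CONSTRUCTED):
        print(parse_csp(header), audit(parse_csp(header)), sep="\n  ")
```

In the constructed header the second script-src is dropped by the duplicate rule, so its * never takes effect; only the 'unsafe-inline' in the first one is reported.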