Http content security policy: Difference between revisions

From wikinotes
No edit summary
m (Will moved page Http csp to Http content security policy)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the [[http headers|header]] <code>Content-Security-Policy</code><br>
The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the [[http headers|header]] <code>Content-Security-Policy</code><br>
It controls what resources a client is allowed to load from (ex: javascript, css, ...).
It controls what resources a client is allowed to load from (ex: javascript, css, ...).
Entry values are space-separated, and new keys are separated by <code>;</code>s.


= Documentation =
= Documentation =

Latest revision as of 15:15, 18 September 2021

The Content-Security-Policy (CSP) is configured by the server in HTTP responses in the header Content-Security-Policy
It controls what resources a client is allowed to load from (ex: javascript, css, ...).

Entry values are space-separated, and new keys are separated by ;s.

Documentation

MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Examples

Content-Security-Policy: connect-src http://example.com/;
                         script-src  http://example.com/;
                         font-src    http://example.com/
Retrieved from "http://willpittman.net:8080/index.php?title=Http_content_security_policy&oldid=27375"