CSP Content Security Policy
What is CSP
- Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
- Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control what resources the user agent is allowed to load for that page.
- More here.
A Half Example
- It’s available here (to Clare only).
- I seem to have kept only some of the relevant code – it’s some of
the test code we wrote for this at Samba.
- I also have the browser errors that prompted us to write these tests
in the first place – in the same folder.