What is CSP

  • Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. It is defence in depth: it limits what an injected script or resource can do, but does not replace output encoding and input validation.
  • Configuring Content Security Policy involves sending the Content-Security-Policy header on the HTTP response for a page (a <meta http-equiv> element also works, though some directives such as frame-ancestors are only honoured in the header) and giving it directives that control which resources the user agent is allowed to load for that page. The companion Content-Security-Policy-Report-Only header applies the same policy but only reports violations, which is the usual way to trial a policy before enforcing it.
  • More here.

A Half Example

  • It’s available here (to Clare only).
  • I seem to have kept only some of the relevant code – it’s some of the test code we wrote for this at Samba.
  • I also have the browser errors that prompted us to write these tests in the first place – in the same folder.