What is Content Security Policy or CSP?

it is the name of a response HEADER that sets a strict security model on the website bu limiting third party resources from executing on the page. This helps to prevent Cross-Site Scripting (XSS).

How does it work?

It works by explicitly allowing certain third part endpoints (domains) to do certain actions, like executing a script or perform js injection.

What CSP types/actions do you need for our script.

You will need the following:

script-src 'self' 'unsafe-inline' 'unsafe-eval'

what domain should you whitelist?

All of our resources related to our solution comes from the domain.


Did this answer your question?