What is Content Security Policy or CSP?
It is the name of an HTTP response header (Content-Security-Policy) that sets a strict security model on the website by limiting third-party resources from executing on the page. This helps to prevent Cross-Site Scripting (XSS).
How does it work?
It works by explicitly allowing certain third-party endpoints (domains) to perform certain actions, like executing a script or performing JS injection.
What CSP types/actions do you need for our script?
You will need the following:
script-src 'self' 'unsafe-inline' 'unsafe-eval'
What domain should you whitelist?
All of the resources related to our solution come from the domain.
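
To see what the script-src line above changes in an existing policy, the following added example (not code from this page or from the vendor) parses a CSP header value, reports what its effective script sources permit, and adds a single host to script-src. The function names are illustrative and https://vendor.example is a placeholder, since the page does not name the real domain.

```javascript
// Added example: parse a CSP header value and audit its effective script sources.
// "vendor.example" is a placeholder; the page does not name the real domain.

// Split a policy string into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report what the effective script policy allows; script-src falls back to default-src.
function auditScriptSrc(header) {
  const d = parseCsp(header);
  const sources = d.get('script-src') || d.get('default-src');
  if (!sources) return { effective: null, findings: ['no script restriction at all'] };
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const findings = [];
  if (lower.includes("'unsafe-inline'")) {
    findings.push(hasNonceOrHash
      ? "'unsafe-inline' present but ignored by CSP2+ browsers (nonce/hash set)"
      : "'unsafe-inline' allows injected inline scripts to run");
  }
  if (lower.includes("'unsafe-eval'")) findings.push("'unsafe-eval' allows eval()-style string execution");
  if (lower.includes('*')) findings.push('wildcard allows scripts from any host');
  return { effective: sources, findings };
}

// Add one host to script-src without touching the other directives.
function allowScriptHost(header, host) {
  const d = parseCsp(header);
  const inherited = (d.get('default-src') || []).filter((s) => s !== "'none'");
  const current = d.get('script-src') || inherited;
  if (!current.includes(host)) current.push(host);
  d.set('script-src', current);
  return [...d].map(([k, v]) => [k, ...v].join(' ')).join('; ');
}

// Constructed sample policies.
const pagePolicy = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
const strictPolicy = "default-src 'self'; img-src *";
console.log(auditScriptSrc(pagePolicy).findings);
console.log(allowScriptHost(strictPolicy, 'https://vendor.example'));
```

Running the audit before and after a policy change shows whether the change only added a host or also relaxed inline and eval handling for the whole page.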