Difference between revisions of "Content Security Policy"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== Content Security Policy is a mechanism designed to make applications more secure against common web vulnerabilities, particularly cross-site scripti...")
 
(Problems)
(One intermediate revision by the same user not shown)
Line 6: Line 6:
  
 
==Problems==
 
==Problems==
 +
Cross-site scripting (XSS) attacks, for example, bypass the same origin policy by tricking a site into delivering malicious code along with the intended content. This is a huge problem, as browsers trust all of the code that shows up on a page as being legitimately part of that page’s security origin.
 +
 
==Solutions==
 
==Solutions==
 
+
* [https://www.html5rocks.com/en/tutorials/security/content-security-policy/ An Introduction to Content Security Policy]
 
 
  
 
==References==
 
==References==

Revision as of 18:17, 26 October 2019

Full Title or Meme

Content Security Policy is a mechanism designed to make applications more secure against common web vulnerabilities, particularly cross-site scripting. It is enabled by setting the Content-Security-Policy HTTP response header.

Context

Problems

Cross-site scripting (XSS) attacks, for example, bypass the same origin policy by tricking a site into delivering malicious code along with the intended content. This is a huge problem, as browsers trust all of the code that shows up on a page as being legitimately part of that page’s security origin.

Solutions

References