Content Security Policy (CSP) aims to mitigate the risk of cross-site scripting attacks by giving developers fine-grained control over the resources a page is allowed to load, as well as the script it's allowed to execute.
I am making a Google Chrome extension where I want to use Google Maps. The problem is that when I …
javascript jquery google-maps google-chrome-extension content-security-policy
I am writing a Chrome extension that needs to have two domains in its whitelist for the content security policy. …
google-chrome-extension content-security-policy
I have a Java-based web application running on Tomcat 6. My application is running on localhost and port 9001. To make my …
java html security web-applications content-security-policy
I'm trying to make reCAPTCHA work along with a strict Content Security Policy. This is the basic version I have, …
recaptcha content-security-policy
So I made a PhoneGap app which uses socket.io to do stuff. I have the following Content-Security-Policy (CSP) <…
ios cordova security webkit content-security-policy
Currently I'm using Modernizr on all my sites, and it turns out that because of how it works it requires unsafe-inline …
css content-security-policy
Can Tomcat 7 be configured to insert the Content-Security-Policy: frame-ancestors 'self' HTTP header with every response, like it can insert other security …
http security tomcat7 content-security-policy
I'm trying to use TinyMCE while using the following Content-Security-Policy HTTP header: X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-eval'; img-src *; media-src *; frame-src *; …
javascript security google-chrome tinymce content-security-policy
I'm currently applying security measures in our Asp.net applications and had to solve a few issues like x-frame-options but …
asp.net security content-security-policy
The MDN page on Content Security Policy directives states that frame-src is deprecated and child-src should be used. However, Firefox 37 …
firefox content-security-policy