Content Security Policy CSP
What is Content Security Policy? Content Security Policy is internet security standard to prevent the known attack like Cross-site scripting XSS, click hijacking and code injection. For example like, if your visiting website is http://www.example.com then you only able to access the data come from http://www.example.com, others URL or script and CDN like http://google.com/jquery.js also will be blocked. Beside that, it also contain some inline script <button onclick="testing()">Click Me!</button> will also be blocked. unless you do some configuration on the header. In short, it will do the following: 1) Whitelist to tell the client (Normally is Browser) what's allowed and what is not allowed. 2) Learn what directives are available 3) Learn the keywords they take 4) Inline code and eval () are considered harmful 5) Report Policy violations to your server before enforcing them. How to implement Content Security Policy (CSP)? <system.webS...