A Content-Security-Policy helps mitigate cross-site scripting (XSS) attacks by specifying allowed origins for content like scripts and iframes.
Although we cannot specify trusted origins for all asset types (users are free to add images from any origin, for example), it may make sense to specify trusted origins for scripts and iframes.
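The following added example (not code from this project) sketches such a policy: it restricts only scripts and iframes and leaves images unrestricted. The helper names `buildPolicy` and `isAllowed` and all origins are hypothetical, and the matcher is a simplified model of source-list matching, not the browser's full algorithm.

```javascript
// Added example: helper names are hypothetical, origins are constructed samples.
const SELF = "'self'";

// Accept only bare https origins: no wildcard, no path, no plain http.
function normalizeOrigin(value) {
  if (value.includes("*")) throw new Error(`wildcard not allowed: ${value}`);
  const url = new URL(value); // throws on malformed input
  if (url.protocol !== "https:") throw new Error(`not https: ${value}`);
  if (url.origin !== value) throw new Error(`not a bare origin: ${value}`);
  return url.origin;
}

// Build a policy that names trusted origins for scripts and iframes only.
// No default-src and no img-src: other asset types, images included,
// stay unrestricted, as the text above describes.
function buildPolicy({ scriptOrigins = [], frameOrigins = [] }) {
  const scripts = [SELF, ...scriptOrigins.map(normalizeOrigin)];
  const frames = [SELF, ...frameOrigins.map(normalizeOrigin)];
  return [
    `script-src ${scripts.join(" ")}`,
    `frame-src ${frames.join(" ")}`,
  ].join("; ");
}

// Simplified check (origin equality only) of whether a resource would load.
function isAllowed(policy, directive, resourceUrl, pageOrigin) {
  const directives = new Map(
    policy
      .split(";")
      .map((d) => d.trim().split(/\s+/))
      .map(([name, ...sources]) => [name, sources])
  );
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (sources === undefined) return true; // directive absent: no restriction
  const origin = new URL(resourceUrl).origin;
  return sources.some((s) => (s === SELF ? origin === pageOrigin : s === origin));
}

// Constructed sample configuration.
const samplePolicy = buildPolicy({
  scriptOrigins: ["https://cdn.example.com"],
  frameOrigins: ["https://player.example.net"],
});
console.log(`Content-Security-Policy: ${samplePolicy}`);
```

Because the policy lists no `'unsafe-inline'` source for `script-src`, inline scripts are blocked as well, which is where most of the XSS mitigation comes from.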