sesh / ready

Are you production ready?
ISC License

Check for default-src / script-src in content security policy #6

Closed sesh closed 11 months ago

sesh commented 1 year ago

A policy needs to include a default-src or script-src directive to prevent inline scripts from running, as well as blocking the use of eval().

via https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
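
The check this issue asks for could look like the following added example, which is not code from the ready project. The function names and sample header values are constructed for illustration, and each input is assumed to be a single serialized policy (no comma-separated policy list).

```python
# Added example (not the project's code): does a CSP header value actually
# govern script execution, i.e. block inline scripts and eval()?
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Parse one policy into {directive_name: [source, ...]}.

    Directive names are case-insensitive, and a repeated directive is
    ignored (the first occurrence wins), as browsers do.
    """
    directives = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_script_policy(header_value):
    """Return a list of findings; an empty list means the check passes."""
    if not header_value or not header_value.strip():
        return ["no Content-Security-Policy value"]
    policy = parse_csp(header_value)
    # script-src falls back to default-src when it is absent.
    name = next((d for d in ("script-src", "default-src") if d in policy), None)
    if name is None:
        return ["policy has neither default-src nor script-src"]
    sources = [s.lower() for s in policy[name]]
    findings = []
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is listed.
    protected = any(s.startswith(HASH_OR_NONCE) for s in sources)
    if "'unsafe-inline'" in sources and not protected:
        findings.append(f"{name} allows 'unsafe-inline'")
    if "'unsafe-eval'" in sources:
        findings.append(f"{name} allows 'unsafe-eval'")
    return findings


if __name__ == "__main__":
    # Constructed sample header values.
    for sample in (
        "default-src 'self'",
        "img-src *; style-src 'self'",
        "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'",
        "script-src 'nonce-abc123' 'unsafe-inline'",
    ):
        print(f"{sample!r}: {check_script_policy(sample) or 'ok'}")
```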