2 votes

Content Security Policy (CSP) is promoted as a way to mitigate content injection vulnerabilities, including cross-site scripting. When making a website, when should a CSP header be included and when is it of no use? I read https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP, which explained what CSP is, but I am still confused as to when to use it.

Tags: Web Development, csp, content-security-policy, web-development, security

turingtest
3 votes

Content Security Policy (CSP) is designed to mitigate the situation where attackers find a website vulnerable to XSS attacks. They have two options for injecting malicious scripts into it:

- Inline script: when attackers put their code directly into your website's HTML.
- Load script from an external domain: when attackers load a script from multiple infected sites and modify the script when they need to. All the changes will be reflected on those sites.

However, it could happen to any website, but it is most useful to implement when your web pages contain HTML forms that let users submit data but can also be exploited to run malicious commands on the server.

tofighi answered Sep 30, 2018
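
The two injection paths named in the answer (inline script, script from an external domain) map onto the `script-src` directive. The following is an added example, not code from the question or the answer: a simplified JavaScript model of how a browser decides each case under a permissive and a restrictive policy. The policies, the page origin and the function names are constructed for illustration.

```javascript
// Simplified model of script-src evaluation (no paths, ports, host wildcards,
// or 'strict-dynamic'). All policies and origins below are constructed samples.
const WEAK = "default-src *; script-src * 'unsafe-inline'";
const STRICT = "default-src 'self'; script-src 'self' https://cdn.example.com";
const PAGE_ORIGIN = "https://shop.example";

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    // Only the first occurrence of a directive counts; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), values);
  }
  return policy;
}

// script-src falls back to default-src; with neither present, scripts are unrestricted.
function scriptSources(policy) {
  return policy.get("script-src") ?? policy.get("default-src") ?? null;
}

// Would an injected inline <script> (carrying no valid nonce or hash) run?
function allowsInjectedInline(policy) {
  const src = scriptSources(policy);
  if (src === null) return true;
  const lower = src.map((s) => s.toLowerCase());
  // A nonce or hash source makes browsers ignore 'unsafe-inline' (CSP Level 2+).
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Would <script src=scriptUrl> be fetched and run on a page at pageOrigin?
function allowsExternalScript(policy, scriptUrl, pageOrigin) {
  const src = scriptSources(policy);
  if (src === null) return true;
  const url = new URL(scriptUrl);
  return src.some((s) => {
    const v = s.toLowerCase();
    if (v === "'self'") return url.origin === pageOrigin;
    if (v === "*") return url.protocol === "https:" || url.protocol === "http:";
    if (v.endsWith(":")) return url.protocol === v; // scheme source such as https:
    if (v.startsWith("'")) return false; // 'none', nonces and hashes never match a URL
    // Host source; a schemeless host is treated as matching any scheme (simplification).
    const m = v.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)$/);
    return m !== null && (!m[1] || m[1] + ":" === url.protocol) && m[2] === url.hostname;
  });
}
```

Under `WEAK` both paths stay open, so the header adds nothing; under `STRICT` the inline path is closed and external loads are limited to the page's own origin and the one listed host.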