[ZendTo] Content Security Policy
Viktor Steinmann
stony at stony.com
Fri Feb 22 07:40:17 GMT 2019
Good morning all
I have been playing around with Content Security Headers for ZendTo, but
didn't manage to get them completely right. Does someone have a working
set of of CSP headers available to share?
While we're at it: Inline JavaScript kills part of any CSP, as it
required an "unsafe-inline" part in the policy. If all JavaScript could
be extracted from the HTML and put into separate .js files, the CSP
could be tightened even more. Increasing security would be cool, right? ;-)
Kind regards,
Viktor
More information about the ZendTo
mailing list