What does blocked:csp mean?

Why does CSP block the loading of resources, and what does blocked:csp mean?

You may be seeing blocked:csp in Chrome developer tools when the browser is trying to load a resource. It might show up in the status column as (blocked:csp).

CSP stands for Content Security Policy, and it is a browser security mechanism. Developers can set CSP using either an HTTP response header or an HTML meta tag.

Here's a very simple CSP policy that uses the default-src directive:

Content-Security-Policy: default-src 'self'

With this policy, the default-src directive is set to the source list value 'self'.

The default-src directive controls what URLs are allowed to be used for fetching resources on the page.

The 'self' value here tells CSP that the browser should only fetch resources from the same origin as the page that set the policy. This includes all types of resources, such as images, CSS files, JavaScript files, etc.
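The decision that ends in a (blocked:csp) entry can be modelled in a few lines. This is an added example, not code from the original page: the function names and the hosts app.example, cdn.example and img.example are hypothetical, and the matcher is deliberately narrowed to 'self', 'none' and explicit http(s) origins.

```javascript
// Added example: a simplified model of CSP source-list matching.
// Supports only 'self', 'none' and explicit http(s) origins; real browsers
// also handle wildcards, scheme sources, paths, nonces and hashes.

// Parse a Content-Security-Policy header value into directive -> sources.
function parsePolicy(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

function sourceMatches(src, resource, page) {
  if (src === "'self'") return resource.origin === page.origin;
  if (/^https?:\/\//i.test(src)) {
    try { return new URL(src).origin === resource.origin; } catch { return false; }
  }
  return false; // 'none' and unsupported expressions allow nothing here
}

// Returns 'allowed' or '(blocked:csp)' for one resource fetch.
function checkFetch(headerValue, directive, resourceUrl, pageUrl) {
  const policy = parsePolicy(headerValue);
  // Fetch directives such as script-src fall back to default-src when absent.
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return 'allowed'; // nothing restricts this fetch
  const page = new URL(pageUrl);
  const resource = new URL(resourceUrl, page); // resolves relative URLs
  return sources.some((s) => sourceMatches(s, resource, page))
    ? 'allowed' : '(blocked:csp)';
}

// Constructed sample page and resources (hypothetical hosts).
const PAGE = 'https://app.example/index.html';
const POLICY = "default-src 'self'";
for (const url of ['/static/app.js', 'https://cdn.example/lib.js',
                   'https://app.example:8443/app.js']) {
  console.log(url, '->', checkFetch(POLICY, 'script-src', url, PAGE));
}
```

A more specific directive replaces default-src rather than adding to it, so a policy of `default-src 'self'; img-src https://img.example` blocks same-origin images in this model.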