dart_ci

Apply content-security-policy headers

Open jonasfj opened this issue 7 years ago • 0 comments

CSP headers allow you to restrict content and harden against XSS attacks.

It's always a good idea to forbid:

  • inline scripts
  • eval
  • scripts from domains you haven't whitelisted.

Even if you have an XSS due to improper HTML escaping, this makes it a lot harder to exploit such a vulnerability.

jonasfj, Apr 02 '19 13:04
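
The three restrictions listed in the issue above, written as a check over a Content-Security-Policy header value. This is an added example, not part of the original issue or the dart_ci code; the function names, sample policies and allowlisted host are constructed for illustration.

```javascript
// Added example: audit a CSP header value against the issue's three restrictions.
// All names, hosts and sample policies below are constructed for illustration.
const ALLOWED_SCRIPT_HOSTS = ['cdn.example.org'];
const WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' " +
  "'unsafe-eval' https://*.example.com https://cdn.example.net";
const HARDENED_POLICY = "default-src 'none'; script-src 'self' https://cdn.example.org";

// Parse "name src src; name src" into a Map of directive name -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return policy;
}

// Return a list of findings; an empty list means all three restrictions hold.
function auditScriptPolicy(header, allowedHosts = ALLOWED_SCRIPT_HOSTS) {
  const policy = parseCsp(header);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return ['no script-src or default-src directive'];
  const findings = [];
  for (const src of sources) {
    if (src === "'unsafe-inline'") {
      findings.push('inline scripts allowed');
    } else if (src === "'unsafe-eval'") {
      findings.push('eval allowed');
    } else if (src.startsWith("'")) {
      continue; // keyword, nonce or hash source such as 'self' or 'none'
    } else if (src.includes('*') || /^[a-z][a-z0-9+.-]*:$/.test(src)) {
      findings.push(`broad script source: ${src}`); // wildcard or scheme-only
    } else {
      const host = src.replace(/^[a-z][a-z0-9+.-]*:\/\//, '').replace(/\/.*$/, '');
      if (!allowedHosts.includes(host)) findings.push(`script host not allowlisted: ${src}`);
    }
  }
  return findings;
}

console.log(auditScriptPolicy(WEAK_POLICY));
console.log(auditScriptPolicy(HARDENED_POLICY));
```

A check like this fits in CI or a deployment smoke test, run against the header the server actually returns.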