Content Security Policy
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) (Created page with "{{FormatInfo |formattype=electronic |subcat=Web |released=2012 }} A '''Content Security Policy''', defined in a W3C candidate recommendation, lets sites set security restricti...") |
(Category:Security) |
||
| Line 11: | Line 11: | ||
* [http://www.w3.org/TR/CSP/ W3C spec] | * [http://www.w3.org/TR/CSP/ W3C spec] | ||
* [https://medium.com/in-beta/bookmarklets-are-dead-d470d4bbb626 Bookmarklets are dead; we just don't know it yet] | * [https://medium.com/in-beta/bookmarklets-are-dead-d470d4bbb626 Bookmarklets are dead; we just don't know it yet] | ||
| + | |||
| + | [[Category:Security]] | ||
Latest revision as of 15:38, 9 October 2015
A Content Security Policy, defined in a W3C candidate recommendation, lets sites set security restrictions on access of objects within a page, to prevent risky cross-site activity. This has come under some criticism for its ability to block things users may want, such as bookmarklets.
Policies are linked via an HTTP header Content-Security-Policy (or its equivalent meta tag). They consist of a series of semicolon-separated directives.
