For those who don’t know, Content-Security-Policy (CSP) is an attempt at mitigating Cross-Site Scripting (XSS) attacks, which are generally what you aim for when you manipulate a web endpoint (a web page) so that you can inject your own client-side code.
XSS is problematic because an unrestricted XSS attacker operates from the trust level of the website the injection was made in, allowing access to user sessions and details; anything the user can access or manipulate, the attacker can too.
More here: http://words.zemn.me/csp