Allow All Content Security Policy?

Question

Is it possible to configure the Content-Security-Policy to not block anything at all? I\'m running a computer security class, and our web hacking project is running into iss

Answer 1

The best way would be not applying any policy.

But to answer your question, an "allow all policy" would probably be:

default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 

Note: untested