There are good articles explaining the options for CSP, like this one: http://www.html5rocks.com/en/tutorials/security/content-security-policy/
Perhaps it's completel
If you are running Apache, you can use .htaccess to do this.
Put a file named .htaccess in your project path (usually something like /var/www/myProject) if it doesn't already exist for other reasons. In this case just add the following header rule:
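# Requires mod_headers. Each continued line of a multi-line directive must end with a backslash.
Header set Content-Security-Policy "\
default-src 'self'; \
script-src 'self' www.google-apis.com *.cloudflare.com someotherDomain.com; \
img-src 'self' *.cloudflare.com; \
"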
Now modern browsers will only execute scripts from your domain or google-apis.com or cloudflare.com or someotherDomain.com. Images will only be loaded from your domain and cloudflare. Everything else will only be allowed from your domain.
Very good source: ole.michelsen.dk
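To check what the policy above actually permits before deploying it, here is a small evaluator, added as an example and not part of the original post. It simplifies CSP matching to host names and `'self'` (it ignores schemes, ports and paths in source expressions; the function names and the `example.test` origin in the test are assumptions). It shows two details that are easy to miss: `*.cloudflare.com` covers subdomains but not `cloudflare.com` itself, and directives that are not listed fall back to `default-src`.

```python
from urllib.parse import urlsplit

# The policy from the .htaccess rule above, as the browser receives it.
POLICY = ("default-src 'self'; "
          "script-src 'self' www.google-apis.com *.cloudflare.com someotherDomain.com; "
          "img-src 'self' *.cloudflare.com;")

def parse_policy(policy):
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        # If a directive is repeated, browsers keep the first occurrence.
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def host_matches(expr, host):
    """Host matching: '*.example.com' covers subdomains, not the apex."""
    expr, host = expr.lower(), host.lower()
    if expr.startswith("*."):
        return host.endswith(expr[1:])  # expr[1:] keeps the leading dot
    return host == expr

def allowed(policy, directive, url, page_origin):
    """Would `url` be allowed for `directive` on a page served from `page_origin`?"""
    directives = parse_policy(policy)
    # Fetch directives that are absent fall back to default-src.
    sources = directives.get(directive, directives.get("default-src"))
    if sources is None:
        return True  # nothing in the policy restricts this resource type
    target, origin = urlsplit(url), urlsplit(page_origin)
    for expr in sources:
        if expr == "'self'":
            if (target.scheme, target.netloc) == (origin.scheme, origin.netloc):
                return True
        elif not expr.startswith("'") and host_matches(expr, target.hostname or ""):
            return True
    return False
```

If scripts are expected to load from the apex domain as well, it has to be listed as its own source next to the wildcard entry.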