Public Enemy Exposed4h ago

I am playing around with the CSP - Content Security Policy of my website, actually starting from scratch, for the first time.

I have managed to set the following and the website works:

connect-src
object-src
form-action
base-uri
frame-ancestors

but as soon as I set the following, the website is no longer functional:

default-src
script-src
style-src

has anyone had similar issues and knows what I can look for to make this work? What am I doing wrong? 🤦

#Website #CSP #ContentSecurityPolicy

Show threadPublic Enemy Exposed

@pee

for anyone else who wants to test or set up their website, here's a tool:

https://report-uri.com/home/tools

and two guides:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

https://scotthelme.co.uk/csp-cheat-sheet/

#Website #CSP

Free Tools

Our tools will help you deploy modern security features.

Report URI
1:17pmWeb