User:Apking/Web Security Guidelines: Difference between revisions

→‎Examples: Update examples (thanks ckerschb)
(→‎Implementation Notes: More info on <meta> tags)
(→‎Examples: Update examples (thanks ckerschb))
Line 172: Line 172:
<pre># Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https (recommended)
<pre># Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https (recommended)
Content-Security-Policy: default-src https:</pre>
Content-Security-Policy: default-src https:</pre>
<pre>&lt;-- Do the same thing, but with a <meta> tag --&gt;
<meta http-equiv="Content-Security-Policy" content="default-src https:"></pre>


<pre># Disable the use of unsafe inline/eval, allow everything else
<pre># Disable the use of unsafe inline/eval, allow everything else
Content-Security-Policy: default-src http: https:</pre>
Content-Security-Policy: *</pre>
 
<pre># Do the same thing, but with a &lt;meta&gt; tag
<meta http-equiv="Content-Security-Policy" content="default-src http: https:"></pre>


<pre># Disable unsafe inline/eval, only load resources from same origin, except also allow images on imgur
<pre># Disable unsafe inline/eval, only load resources from same origin, except also allow images on imgur
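Review bot: in the second example, the header line `Content-Security-Policy: *` is not a usable policy, because a bare `*` names no directive, so it would not do what the comment "Disable the use of unsafe inline/eval, allow everything else" says. The example should settle on `Content-Security-Policy: default-src http: https:`, which is also what the accompanying <meta> tag uses. The two <meta> examples are also introduced inconsistently: the first uses `&lt;-- ... --&gt;` (which renders as `<--`, not the HTML comment opener `<!--`) around an unescaped `<meta>`, while the second uses a `#` comment with `&lt;meta&gt;`; pick one form for both. Minor: "allow everything else" overstates `default-src http: https:`, which does not cover `data:` or `blob:` URLs.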