Okay, so you want to secure your app with a CSP policy. Great! But where do you start, and what do you do if some parts of your app are out of your control?
2 min read
By Johan Andre Lundar
December 4, 2019
Also be aware that it is not possible to allow 'unsafe-inline' for one specific external resource only. 'unsafe-inline' is scoped per directive (script-src, style-src, and so on), not per host: if you add it to script-src, every inline script on the page is allowed to run, whether it came from your third-party plugin or from an attacker's injection, so the host allowlist no longer protects you against XSS. If a plugin needs inline script, the precise alternative is a per-request nonce or a hash of the exact script content in the same directive; note that as soon as a nonce or hash source is present, browsers ignore 'unsafe-inline' in that directive. You have to ask yourself: do I really need this piece of code or this plugin that forces me to open up my app to be more vulnerable to attacks? My experience is that if you as a developer try to adhere to a strict policy (not using inline JS, for example) it will make you think more about your code and make it more secure.