Demonstrates:
- CSP header, currently using:
  default-src 'self';
  script-src 'self' https://cdn.jsdelivr.net 'nonce-browser-sync';
  style-src 'self' 'nonce-random-string';
  require-trusted-types-for 'script';
  trusted-types dompurify;
- Do not use https://cdn.jsdelivr.net as a CSP source, since that is too broad and risky. We only do it for demo purposes.
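
A check for the warning above, as an added example that is not part of the demo page's own code: it parses a policy and lists the script sources that allow a whole origin. The function names are this example's own, and DEMO_POLICY is the header shown above joined into one string.

```javascript
// DEMO_POLICY is the header shown on this page, joined into one string.
const DEMO_POLICY =
  "default-src 'self'; " +
  "script-src 'self' https://cdn.jsdelivr.net 'nonce-browser-sync'; " +
  "style-src 'self' 'nonce-random-string'; require-trusted-types-for 'script'; " +
  "trusted-types dompurify;";

// Split a policy into a Map of directive name -> array of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. after a trailing ';'
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return the sources in the effective script policy that allow a whole origin
// (no path), a bare scheme such as https:, or the wildcard *.
function broadScriptSources(policy) {
  const d = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const sources = d.get("script-src") ?? d.get("default-src") ?? [];
  return sources.filter((src) => {
    if (src.startsWith("'")) return false; // keywords, nonces, hashes
    if (src === "*") return true;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return true; // scheme-source
    const m = src.match(/^(?:[a-z][a-z0-9+.-]*:\/\/)?([^/]+)(\/.*)?$/i);
    return m !== null && (m[2] === undefined || m[2] === "/");
  });
}

console.log(broadScriptSources(DEMO_POLICY));
```
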