[Owasp-omaha] CSP Headers and AppDev

Zac Fowler zac.fowler at owasp.org
Thu Dec 10 17:04:53 UTC 2015


Good morning!  In my office we do a lot of web development.

Recently (today) I have started looking into adding CSP headers for our
applications.  Many of them however us Google tools / fonts / analytics.

I've created a CSP string that works, but in order to get google happy I
had to enable unsafe-eval for script-src....

Anyone have experience with this that can offer tips?

Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-omaha/attachments/20151210/e179249f/attachment.html>


More information about the Owasp-omaha mailing list