[Owasp-omaha] CSP Headers and AppDev
zac.fowler at owasp.org
Thu Dec 10 17:04:53 UTC 2015
Good morning! In my office we do a lot of web development.
Recently (today) I have started looking into adding CSP headers for our
applications. Many of them however us Google tools / fonts / analytics.
I've created a CSP string that works, but in order to get google happy I
had to enable unsafe-eval for script-src....
Anyone have experience with this that can offer tips?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-omaha