I’m seeing a new best practice around regarding Content Security Policy (CSP): any solution planned in Blot regarding this or is an individual implementation to consider, like analytics? Thanks!
I would say: implement your own CSP for now. This is possible using a <meta> tag, e.g.
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">
The example above was taken from Mozilla's article on Content Security Policies.
I will do a bit more reading about CSPs at some point – and would be more than willing to consider implementing a sensible default CSP across all the templates. Would you be willing (no pressure) to share what convinced you of the importance of CSPs? My uninformed position is that using HTTPS and avoiding third-party scripts/images/fonts should cover most of the risk
Answered 3 years ago · Improve this answerThanks! I was just overly curious and overzealous seeing a new thing that I haven't seen before, and wondered if this was something easy to implement, or if it needed the CMS to implement it, or from the domain registration site. I am definitely not the target audience for this practice.
Answered 3 years ago · Improve this answer