
Content Security Policy

I’m seeing a new best practice regarding Content Security Policy (CSP): is any solution planned in Blot regarding this, or is it an individual implementation to consider, like analytics? Thanks!

2 replies Asked Jun 14 '21 at 7:40

I would say: implement your own CSP for now. This is possible using a <meta> tag, e.g.

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">

The example above was taken from Mozilla’s article on Content Security Policies.

I will do a bit more reading about CSPs at some point — and would be more than willing to consider implementing a sensible default CSP across all the templates. Would you be willing (no pressure) to share what convinced you of the importance of CSPs? My uninformed position is that using HTTPS and avoiding third-party scripts/images/fonts should cover most of the risk.

Answered Jun 14 '21 at 20:56
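For anyone adapting the `<meta>` policy in the answer above, here is an added example (not part of the original answers, and not Blot's code) that parses a policy string in a simplified form of the CSP Level 3 rules and reports what the browser will actually enforce. It relies on two spec behaviours: `frame-ancestors`, `report-uri` and `sandbox` are ignored when the policy arrives through a `<meta>` element, and a repeated directive is ignored in favour of its first occurrence. The function names and the second sample policy are constructed for illustration.

```javascript
// Directives a browser ignores when the policy comes from a <meta> element.
const META_IGNORED = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Fallback chains for a few fetch directives (subset of the CSP3 list).
const FALLBACK = {
  "script-src": ["default-src"],
  "img-src": ["default-src"],
  "frame-src": ["child-src", "default-src"],
  "worker-src": ["child-src", "script-src", "default-src"],
};

// Simplified parse: split on ';', lowercase the name, first occurrence wins.
function parseCsp(policy) {
  const directives = new Map();
  const duplicates = [];
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (directives.has(name)) { duplicates.push(name); continue; }
    directives.set(name, tokens.slice(1));
  }
  return { directives, duplicates };
}

// Which directive governs a resource type, following the fallback chain.
function effectiveSources(directives, name) {
  for (const candidate of [name, ...(FALLBACK[name] || [])]) {
    if (directives.has(candidate)) {
      return { from: candidate, sources: directives.get(candidate) };
    }
  }
  return null; // nothing in the policy restricts this resource type
}

function auditMetaCsp(policy) {
  const { directives, duplicates } = parseCsp(policy);
  return {
    ignoredInMeta: [...directives.keys()].filter((d) => META_IGNORED.has(d)),
    duplicates,
    scripts: effectiveSources(directives, "script-src"),
    frames: effectiveSources(directives, "frame-src"),
    images: effectiveSources(directives, "img-src"),
  };
}

// Policy from the answer, plus a constructed variant with common mistakes.
const fromAnswer = "default-src 'self'; img-src https://*; child-src 'none';";
const constructed = fromAnswer + " frame-ancestors 'none'; report-uri /csp; img-src data:";
console.log(auditMetaCsp(fromAnswer));
console.log(auditMetaCsp(constructed));
```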

Thanks! I was just overly curious and overzealous seeing a new thing that I haven’t seen before, and wondered if this was something easy to implement, or if it needed the CMS to implement it, or from the domain registration site. I am definitely not the target audience for this practice.

Answered Jun 15 '21 at 6:36
