Quick, concise and right to the point (and without running over us like a Fireship road roller)! Great work Tejas.
Hey thanks a lot Kostas!!!
Thank you man, I arrived here knowing nothing about CSP and now I have a pretty good understanding. Thanks
very informative!
explained in best possible way
Thanks!!
Hi Tejas, thank you for explaining the Content-Security-Policy. What are your thoughts on adding the Content-Security-Policy header to web servers like nginx, Apache Tomcat, etc. directly?
It depends on the surface of the servers and what they serve. Generally, it's a good idea if the scope is isolated IMO.
great explanation!
Is it good to block CSP reports in uBlock Origin's settings, or should it be left off?
great explanation
Glad it was helpful!
subscribed bro I love the way you explain
Appreciate it
Great explanation 👍👍
Glad you liked it
The scripts on the screen are much too small. No one can read them.
zoom in
That’s a precise explanation, although it would have been better if there was an explanation provided for nonces and hashes as well. As with just ‘self’ and other domains we can't really mitigate XSS anymore. Just a feedback!
Good video though :)