2016-03-22 18:11:11 +01:00

CSP headers

Content Security Policy (CSP) is a W3C specification for telling the client browser which locations and which types of resources a page is allowed to load. A correct policy limits the damage of a successful HTML or script injection: injected markup may reach the page, but the browser refuses to fetch or execute sources the policy does not allow.

The spec uses "directives" to define the loading behavior for each resource type (for example script-src or img-src, with default-src as the fallback). A policy is delivered either in an HTTP response header or in an HTML meta tag. Prefer the header: a meta tag cannot carry report-uri, frame-ancestors or sandbox, and report-only mode is only available through the header.

Configuration

Configuration:

  • Key: csp
  • Environment: development
  • Location: ./config/environments/development/security.json
  • Type: object

Example:

{
  "csp": {
    "policy": {
      "default-src": "self",
      "img-src": "*"
    }
  }
}

Options:

  • policy (object): Object definition of the policy, keyed by directive name (e.g. "default-src").
  • reportOnly (boolean): Enable report-only mode. Violations are reported but not blocked, so the policy can be tried against real traffic before enforcing it.
  • reportUri (string): URI to which the browser POSTs violation reports as JSON.

Notes:

  • Set to false to disable CSP headers.
  • Keyword sources such as self, none and unsafe-inline must reach the browser in single quotes (default-src 'self'); an unquoted self is read as a hostname. Inspect the emitted header to confirm the keywords are quoted.
  • See the MDN CSP usage page for more information on available policy options.
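The following is an added example, not the framework's own middleware, showing how a config object shaped like the "csp" block above maps onto the header the browser receives: keyword sources are quoted, reportOnly selects the Content-Security-Policy-Report-Only header name, and reportUri becomes a report-uri directive. It also flags the parts of a policy that would be silently lost if the same policy were delivered in a meta tag. The helper names, the cdn.example.com host and the /csp-report path are assumptions made for the example.

```javascript
// Added example: serialise a csp config object into a CSP header and check
// whether it could be delivered via <meta http-equiv>. Illustrative code, not
// the project's middleware; the real library may serialise differently.

// Keyword sources that the browser only recognises inside single quotes.
const CSP_KEYWORDS = new Set([
  'self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic',
  'unsafe-hashes', 'report-sample'
]);

// Directives the spec ignores when delivered in a meta tag.
const HEADER_ONLY_DIRECTIVES = new Set(['report-uri', 'frame-ancestors', 'sandbox']);

function quoteSource(src) {
  // Strip any quotes the author already supplied, then re-quote keywords,
  // nonces and hashes. An unquoted `self` would be parsed as a hostname.
  const bare = src.replace(/^'|'$/g, '');
  const needsQuotes = CSP_KEYWORDS.has(bare) || /^(nonce-|sha(256|384|512)-)/.test(bare);
  return needsQuotes ? `'${bare}'` : bare;
}

function buildCspHeader(csp) {
  if (csp === false) return null; // "Set to false to disable CSP headers."
  const policy = csp.policy || {};
  const parts = Object.keys(policy).map((directive) => {
    let values = policy[directive];
    // Accept either a single space-separated string or an array of sources.
    if (!Array.isArray(values)) values = String(values).split(/\s+/);
    const sources = values.filter(Boolean).map(quoteSource);
    return sources.length ? `${directive} ${sources.join(' ')}` : directive;
  });
  if (csp.reportUri) parts.push(`report-uri ${csp.reportUri}`);
  return {
    name: csp.reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy',
    value: parts.join('; ')
  };
}

function metaDeliveryProblems(csp) {
  // Returns the directive names (plus 'report-only') that a meta tag cannot carry.
  const header = buildCspHeader(csp);
  if (!header) return [];
  const problems = header.value
    .split(';')
    .map((part) => part.trim().split(/\s+/)[0])
    .filter((directive) => HEADER_ONLY_DIRECTIVES.has(directive));
  if (csp.reportOnly) problems.push('report-only');
  return problems;
}

// Constructed config: the page's example plus an assumed CDN host and report path.
const exampleConfig = {
  policy: {
    'default-src': 'self',
    'img-src': '*',
    'script-src': ['self', 'https://cdn.example.com'],
    'frame-ancestors': 'none'
  },
  reportOnly: true,
  reportUri: '/csp-report'
};

const header = buildCspHeader(exampleConfig);
console.log(`${header.name}: ${header.value}`);
console.log('not deliverable via meta tag:', metaDeliveryProblems(exampleConfig));
```

Run the script with node; the printed header is what a response inspector in the browser's developer tools should show once the middleware is active. Start with reportOnly set to true, watch the reports arriving at reportUri, and switch to enforcing mode only when legitimate resources stop appearing in them.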