"Each CSP directive lets you indicate which origins are trust..." — Nicolás Bevacqua

“Each CSP directive lets you indicate which origins are trusted by using a whitelist-based approach. User agents which support CSP will avoid fetching resources that don’t match your server’s CSP directives. This means our server can determine, at a granular level, which origins are allowed for which kinds of resources.”

— Nicolás Bevacqua, Content-Security-Policy in Express apps

Security Content Security Policy To Add To QC Express

More from Nicolás Bevacqua

“In asynchronous code flows, it is commonplace to execute two or more tasks concurrently.…”

View all quotes →