15 Content Security Policy

This chapter covers

  • Composing a content security policy with fetch, navigation, and document directives
  • Deploying CSP with django-csp
  • Detecting CSP violations with reporting directives
  • Resisting XSS and man-in-the-middle attacks

Servers and browsers adhere to a standard known as Content Security Policy (CSP) to interoperably send and receive security policies. A policy restricts what a browser can do with a response, in order to protect the user and server. Policy restrictions are designed to prevent or mitigate various web attacks. In this chapter, you’ll learn how to easily apply CSP with django-csp. This chapter covers CSP Level 2 and finishes with parts of CSP Level 3.
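The paragraph above describes the division of labour: the server composes a policy and delivers it in a response header, and the browser enforces it. The following Python is an added example, not code from the book or from django-csp, that models the server side of that contract: it serializes the three directive groups named in the chapter outline (fetch, navigation, document, plus reporting) into a header value, parses a value back the way a browser resolves it, and flags settings that would leave a policy unable to stop injected script. The function names, the directive groupings, the sample policies and the placeholder nonce are all mine.

```python
"""Build and inspect a Content-Security-Policy header.

Added example for this chapter introduction; it is not code from the book
or from django-csp. It models only the server side: composing the policy
string and choosing the header that carries it. Enforcement is the browser's job.
"""
from __future__ import annotations

from typing import Mapping, Sequence

# Directive groups as CSP Level 2 and Level 3 classify them.
FETCH_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "connect-src",
    "font-src", "object-src", "media-src", "frame-src", "child-src", "worker-src",
}
NAVIGATION_DIRECTIVES = {"form-action", "frame-ancestors"}
DOCUMENT_DIRECTIVES = {"base-uri", "sandbox"}
REPORTING_DIRECTIVES = {"report-uri", "report-to"}
KNOWN_DIRECTIVES = (FETCH_DIRECTIVES | NAVIGATION_DIRECTIVES
                    | DOCUMENT_DIRECTIVES | REPORTING_DIRECTIVES)

# Keyword sources that bind inline scripts to a nonce or hash; when one is
# present, CSP Level 2+ browsers ignore 'unsafe-inline' in the same directive.
_STRICT_INLINE_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def compose_policy(directives: Mapping[str, Sequence[str]]) -> str:
    """Serialize directives into the header value: "name v1 v2; name2 v3"."""
    parts = []
    for name, values in directives.items():
        if name not in KNOWN_DIRECTIVES:
            raise ValueError(f"unknown CSP directive: {name}")
        # A directive such as `sandbox` may legitimately carry no values.
        parts.append(" ".join([name, *values]))
    return "; ".join(parts)


def parse_policy(header_value: str) -> dict[str, list[str]]:
    """Parse a header value back into {directive: [sources]}.

    Directive names are case-insensitive; a repeated directive keeps the
    first occurrence and ignores later ones, as browsers do.
    """
    policy: dict[str, list[str]] = {}
    for token in header_value.split(";"):
        fields = token.split()
        if not fields:
            continue
        policy.setdefault(fields[0].lower(), fields[1:])
    return policy


def effective_sources(policy: Mapping[str, Sequence[str]], directive: str):
    """Sources governing `directive`; only fetch directives fall back to default-src.

    Navigation and document directives never inherit from default-src, so a
    missing frame-ancestors or base-uri really is unrestricted.
    """
    if directive in policy:
        return list(policy[directive])
    if directive in FETCH_DIRECTIVES and "default-src" in policy:
        return list(policy["default-src"])
    return None


def weaknesses(policy: Mapping[str, Sequence[str]]) -> list[str]:
    """Flag settings that leave the policy unable to stop injected script."""
    findings = []
    scripts = effective_sources(policy, "script-src")
    if scripts is None:
        findings.append("script-src: neither script-src nor default-src set; scripts are unrestricted")
    else:
        strict = any(s.startswith(_STRICT_INLINE_PREFIXES) for s in scripts)
        if "'unsafe-inline'" in scripts and not strict:
            findings.append("script-src: 'unsafe-inline' lets injected inline scripts run")
        if "*" in scripts or "https:" in scripts:
            findings.append("script-src: allows scripts from any host")
    if effective_sources(policy, "object-src") is None:
        findings.append("object-src: unrestricted; plugin content can be used to run script")
    if "base-uri" not in policy:
        findings.append("base-uri: missing; an injected <base> tag can redirect relative script URLs")
    return findings


def csp_headers(directives: Mapping[str, Sequence[str]], report_only: bool = False) -> dict[str, str]:
    """Return the response header that delivers the policy.

    Report-Only makes the browser send violation reports without blocking,
    which is how a policy is usually trialled before it is enforced.
    """
    name = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
    return {name: compose_policy(directives)}


if __name__ == "__main__":
    # Constructed sample policies. A real nonce is fresh random data per response.
    weak = {"default-src": ["'self'"], "script-src": ["'self'", "'unsafe-inline'"]}
    strong = {"default-src": ["'self'"], "script-src": ["'self'", "'nonce-d3s8c1'"],
              "object-src": ["'none'"], "base-uri": ["'none'"],
              "frame-ancestors": ["'none'"], "report-uri": ["/csp-report/"]}
    for label, directives in (("weak", weak), ("strong", strong)):
        print(label, csp_headers(directives, report_only=(label == "strong")))
        for finding in weaknesses(parse_policy(compose_policy(directives))):
            print("  -", finding)
```

The fallback rule in `effective_sources` is the point most worth internalising: `default-src` covers only the fetch directives, so `frame-ancestors`, `form-action` and `base-uri` have to be set explicitly or they stay wide open no matter how strict `default-src` is.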

A policy is delivered from a server to ...
