Specify a Content Security Policy

A Content Security Policy[71] (CSP) detects and prevents some types of attacks, including Cross-Site Scripting (XSS). It can also report attempted attacks.

A CSP can be enabled with an HTTP response header or with an HTML meta tag. In both cases, the policy is described by a list of directives separated by semicolons.

Each directive is specified with a name and one or more values, all separated by spaces. The values are CSP-specific keywords (such as 'self', written with the quotes) and/or allowed URL patterns.

The following meta tag provides an example. It specifies that by default all resource types can only be downloaded from the current origin. An exception is made for images, which can come from any origin as long as HTTPS is used. ...
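As an added example (not code from the book), here is a small Python parser and matcher for the directive syntax just described, built around a constructed policy that matches the description above and shown both as a header value and as a meta tag. The page origin and resource URLs are assumed values, and the matcher is deliberately simplified (no path, nonce or hash matching).

```python
from urllib.parse import urlsplit

# Directives that, per the CSP spec, never fall back to default-src.
NO_FALLBACK = {"frame-ancestors", "base-uri", "form-action", "sandbox"}

def parse_csp(policy: str) -> dict[str, list[str]]:
    """'name v1 v2; name v' -> {name: [v1, v2], ...}; names are case-insensitive
    and a repeated directive is ignored (first occurrence wins, as in browsers)."""
    directives: dict[str, list[str]] = {}
    for chunk in policy.split(";"):
        parts = chunk.split()
        if parts:
            directives.setdefault(parts[0].lower(), parts[1:])
    return directives

def serialize_csp(directives: dict[str, list[str]]) -> str:
    """Inverse of parse_csp: directives joined by ';', values by spaces."""
    return "; ".join(f"{n} {' '.join(v)}".rstrip() for n, v in directives.items())

def as_meta_tag(policy: str) -> str:
    """Same policy delivered in HTML instead of the Content-Security-Policy header."""
    return f'<meta http-equiv="Content-Security-Policy" content="{policy}">'

def _source_matches(source: str, url: str, page_origin: str) -> bool:
    """Simplified source matching: 'self', 'none', scheme-source (https:) and
    host-source with optional scheme and *. wildcard; no path/nonce/hash support."""
    u = urlsplit(url)
    if source == "'none'":
        return False
    if source == "'self'":
        return f"{u.scheme}://{u.netloc}" == page_origin
    if source.endswith(":") and "://" not in source:   # scheme-source, e.g. https:
        return u.scheme == source[:-1]
    scheme, _, host = source.rpartition("://")          # host-source
    if scheme and u.scheme != scheme:
        return False
    if host.startswith("*."):
        return (u.hostname or "").endswith(host[1:])
    return u.netloc == host

def allows(policy: str, directive: str, url: str, page_origin: str) -> bool:
    """Would fetching `url` be permitted under `directive`? Unlisted fetch directives inherit default-src."""
    d = parse_csp(policy)
    sources = d.get(directive)
    if sources is None and directive not in NO_FALLBACK:
        sources = d.get("default-src")
    if sources is None:
        return True   # nothing in the policy restricts this directive
    return any(_source_matches(s, url, page_origin) for s in sources)
# Constructed policy matching the description above: same-origin by default, images from any HTTPS origin.
POLICY = "default-src 'self'; img-src https:"
```

Note that frame-ancestors, base-uri and form-action do not inherit from default-src, so a policy that only sets default-src leaves those unrestricted.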
