Hi Tejas, Thank you for explaining the content-security-policy. What are your thoughts on adding the content-security-policy header to web-servers like nginx, apache tomcat etc,. directly?
That’s a precise explanation, although would have been better if there was an explanation provided for nonce and hashes as well. As with just ‘self’ and other domain we cant really mitigate xss anymore. Just a feedback! Good video though :)
![Blox Fruits Dragon Rework Update [Full Stream]](http://i.ytimg.com/vi/EqDAp8udhm0/mqdefault.jpg)
Quick, concise and right to the point (and without running over us like a Fireship road roller)! Great work Tejas.
Hey thanks a lot Kostas!!!
thank you man, I arived here knowing nothing about CSP and now I have a pretty good understanding. Thanks
explained in best possible way
Thanks!!
subscribed bro I love the way you explain
Appreciate it
great explanation!
very informative!
great explanation
Glad it was helpful!
Great explanation 👍👍
Glad you liked it
Hi Tejas, Thank you for explaining the content-security-policy. What are your thoughts on adding the content-security-policy header to web-servers like nginx, apache tomcat etc,. directly?
It depends on the surface of the servers and what they serve. Generally, it's a good idea if the scope is isolated IMO.
is it good to block csp reports in ublock origin's settings ? or should it leave in off
The scripts on the screen are much too small. No one can read them.
zoom in
That’s a precise explanation, although would have been better if there was an explanation provided for nonce and hashes as well. As with just ‘self’ and other domain we cant really mitigate xss anymore. Just a feedback!
Good video though :)