How to detect Content Security Policy (CSP)

后端未结

关注

 6  1492

长发绾君心 2021-01-03 21:19

I noticed that GitHub and Facebook are both implementing this policy now, which restricts third party scripts from being run within their experience/site.

Is there a

6条回答

孤城傲影 (楼主)

2021-01-03 21:56
From https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5:
```
fetch(document.location.href)
.then(resp => {
  const csp = resp.headers.get('Content-Security-Policy');
  // does this exist? Is is any good?
});
```
This will fail however with connect-src='none' and be reported.
0 讨论(0)

查看其它6个回答
发布评论:

提交评论
- 加载中...