Skip to content

Instantly share code, notes, and snippets.

@dfkaye

dfkaye/csp-key-features.md

Last active November 22, 2019 21:02
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dfkaye/8e1947fb51ffc94590d7a22ec27bbe26 to your computer and use it in GitHub Desktop.
Save dfkaye/8e1947fb51ffc94590d7a22ec27bbe26 to your computer and use it in GitHub Desktop.
Download ZIP
Table version of Content Security Policy (CSP) keys slide at performance.now() conference 2019
Raw
csp-key-features.md

22 November 2019 https://twitter.com/RyanTownsend/status/1197876919993323522

from talk by @SimonHearne at performance.now() conference, Amsterdam, NL, 2019.

Content Security Policy

CSP Directive HTML/JS Features
default-src *
connect-src XMLHttpRequest(), WebSocket(), EventSource(), sendBeacon(), fetch()
style-src <link rel=stylesheet>
script-src <script>
form-action <form>
font-src @font-face
child-src <iframe>, Worker()
object-src <object>, <embed>
media-src <video>, <audio>
image-src <img>
manifest-src <link rel=manifest>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment