You can use a Content Security Policy (CSP) script-src directive to allow only trusted sources of scripts to be loaded into your web page. To incorporate a script from a retrieved source while maintaining CSP enforcement, you need to ensure that the source of the script is explicitly allowed in the script-src directive of your CSP.
For https://example.com/script.js, you can update your CSP policy as follows:

Content-Security-Policy: script-src 'self' https://example.com;

This CSP policy allows scripts from your website ('self') and https://example.com.
<script src="https://example.com/script.js"></script>
By adding the source of the script to your CSP policy, you can ensure that only trusted scripts can be loaded into your web page. This helps to protect your website from cross-site scripting (XSS) attacks and other security threats.
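An added example, not part of the original answer: a simplified Node.js matcher for script-src source lists that shows which script URLs the policy above admits. The page URL https://mysite.test/index.html and the function names are assumptions for illustration; nonces, hashes, scheme-only sources and default-src fallback are not modelled.

```javascript
// Added example: simplified script-src matching for the policy discussed above.
// Not modelled: nonces, hashes, scheme-only sources, default-src fallback, redirects.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// Return the source list of the script-src directive, or null if absent.
function parseScriptSrc(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'script-src') return sources;
  }
  return null;
}

// Does one source expression (e.g. https://example.com) cover this URL?
function matchesSource(expr, url, page) {
  if (expr === "'self'") return url.origin === page.origin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:']+)(?::(\d+|\*))?(\/.*)?$/i.exec(expr);
  if (!m) return false; // quoted keywords and unparsable expressions never match here
  const [, scheme, host, port, path] = m;
  // A scheme-less source inherits the page's scheme; http sources also match https.
  const want = (scheme ? scheme + ':' : page.protocol).toLowerCase();
  if (url.protocol !== want && !(want === 'http:' && url.protocol === 'https:')) return false;
  const h = host.toLowerCase();
  const hostOk = h === '*' || (h.startsWith('*.')
    ? url.hostname.endsWith(h.slice(1)) // *.example.com covers subdomains only
    : url.hostname === h);
  if (!hostOk) return false;
  const urlPort = url.port || DEFAULT_PORT[url.protocol];
  if (port ? (port !== '*' && port !== urlPort) : urlPort !== DEFAULT_PORT[url.protocol]) return false;
  if (!path) return true; // host-wide source: every path on the host is allowed
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

// Would a <script src=...> on pageUrl be allowed to load under this policy?
function scriptAllowed(policy, scriptSrc, pageUrl) {
  const page = new URL(pageUrl);
  const url = new URL(scriptSrc, page); // resolves relative src values
  const sources = parseScriptSrc(policy);
  if (sources === null) return true; // no script-src directive restricts scripts
  if (sources.includes("'none'")) return false;
  return sources.some((s) => matchesSource(s, url, page));
}

const POLICY = "script-src 'self' https://example.com;"; // policy from the answer
const PAGE = 'https://mysite.test/index.html'; // constructed page URL (assumption)
console.log(scriptAllowed(POLICY, 'https://example.com/script.js', PAGE));
```

Because https://example.com is a host-wide source, any script path on that host is admitted; listing the full URL https://example.com/script.js in the policy instead narrows it to that one file.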