View Revisions: Issue #11825

Summary 0011825: Support X-Content-Security-Policy (CSP)
Revision 2010-04-22 04:32 by dhx
Description

Background information on CSP:
https://wiki.mozilla.org/Security/CSP/Design_Considerations

The specifications:
https://wiki.mozilla.org/Security/CSP/Specification

This is a feature planned for Firefox 3.7. In other browsers that don't support X-Content-Security-Policy, this feature is ignored gracefully.

Essentially it adds another layer of security against XSS, CSRF and clickjacking attacks.

Revision 2010-04-22 03:59 by dhx
Description

Background information on CSP:
https://wiki.mozilla.org/Security/CSP/Design_Considerations

The specifications:
https://wiki.mozilla.org/Security/CSP/Specification

This is a feature planned for Firefox 3.7. In other browsers that don't support X-Security-Content-Policy, this feature is ignored gracefully.

Essentially it adds another layer of security against XSS, CSRF and clickjacking attacks.