genna
Reputation: 481
Content Security Policy as a blacklist
Can I use the Content Security Policy Header to blacklist the loading of scripts from certain domains?
Upvotes: 12
Views: 1705
Answers (1)
sideshowbarker
Reputation: 88286
No you can’t. When you create a CSP policy, it’s basically a “deny all” policy. You then add back “allow from” exceptions to that. But you can’t do it the other way around; this is, you can’t, in a CSP policy, express “allow all” as a default and then add back specific “deny from” exceptions.
Upvotes: 9
Related Questions
- Content Security Policy error - violating directive: script-src 'self'
- Loading of a resource blocked by Content Security Policy
- mplementing Content Security Policy
- Content-Security-Policy Blocking Whitelisted Domains
- Asp net core Content Security Policy implementation
- What is the maximally permissive Content-Security-Policy?
- Content Security Policy - Server is not considering meta content
- Content Security Policy - Can I explicitly block a domain so I don't get an error for a known resource
- ContentSecurityPolicyViolation
- 'Unrecognized Content-Security-Policy directive' error when specifying any domain