jhancock532
Reputation: 392
Does specifying a file in a CSP directive prevent other files from that domain being loaded?
If I have the following script-src directive:
script-src: https://example.com/scripts/file.js;
Is it possible for any of the following scripts to be loaded?
https://example.com/file.jshttps://example.com/assets/file.jshttps://example.com/scripts/different-file.js
Does this apply to all browsers and CSP v2 / CSP v3?
Upvotes: 0
Views: 35
Answers (1)
Halvor Sakshaug
Reputation: 3455
According to the specifications for CSP v2 and CSP v3, this can be used in both v2 and v3. I would expect browsers to support it as major browsers have supported v2 for years. None of the example scripts should be loaded with the given CSP.
Upvotes: 1
Related Questions
- Provide "Forgot Password" feature in Keycloak to certain users only
- Disable Multiple login at Keycloak
- How to lock user account on 5 unsuccessful attempts
- Keycloak Send Email after successfull password reset
- How to Disable user account after 5 consecutive failed login attempts using Keycloak
- How to set Max Login Failures in keyCloak client?
- Keycloak - require user to set password after email verification
- How to lock accounts after a certain number of invalid login attempts
- How to protect a website managed by keycloak from abusing the "forget password" as a way to spam a user?
- Block user account after 3 consecutive failed login attempts using spring security