I found this video a while ago and saved it. This fundemental for websites and web applications to mitigate XSS attacks. I came across a 'trusted scripts assignment' error in the console and after a ton of research i've started implementing a CSP header (you can also use the meta tag to set a CSP) but i still needed more info so i came back here. Thanks for taking time to make this video Abhay i can see that you've gone through some lengths to hide personal info before uploading the video so its really appreciated and its going to help alot.
You explained it very well. Concept is clear to me. But how do I get my javascript loaded without errors. I have very little knowledge of Java and have played with a bit. I found which files causing the errors but how do I correct this. Where do I inject the nonce or hash code in my files or remove the errors in my javascrips?
Hey Ashish, quick question. if I have 'connect-src *' but have explicitly limited script-src and all other derivatives to a particular domain, how much of a threat is it?