Tuning My Content Security Policy
In my Getting Started With a Content Security Policy post, I setup a report only CSP policy so that I could try and identify things that could test out a policy before implementing it. It is time to parse through the results and see what needs to be updated in my deployed policy. The original policy was very simple default-src https Inspecting The Violations I started trying to look at the current violations and I think it was clear that I had a rather permissive Content Security Policy because nothing much was being blocked....