Security/CSP/XSSModule: Difference between revisions

no edit summary
Line 20: Line 20:


An HTTP server can deliver a policy to the browser by including a header named X-Content-Security-Policy.  The general X-Content-Security-Policy header as the following syntax:  
An HTTP server can deliver a policy to the browser by including a header named X-Content-Security-Policy.  The general X-Content-Security-Policy header as the following syntax:  
<pre>content-security-policy = "x-content-security-policy" ":" OWS csp-rule-list OWS
<pre>content-security-policy = "x-content-security-policy" ":" OWS csp-policy OWS
csp-rule-list          = csp-rule ["," csp-rule-list]
csp-policy              = csp-rule ["," csp-policy]
csp-rule                = future-rule / known-rule
csp-rule                = future-rule / known-rule
future-rule            = (anything but ";")
future-rule            = (anything but ";")
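Review bot: the list production, renamed here from csp-rule-list to csp-policy, still separates rules with "," while future-rule is defined as (anything but ";"), so an unknown rule may itself contain "," and a parser cannot tell where one rule ends and the next begins. Either use ";" as the separator in csp-policy or exclude "," from future-rule, so that forward-compatible parsing of unrecognized rules stays unambiguous. The introductory sentence is identical in both revisions and still reads "header as the following syntax"; it should read "has the following syntax".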