https://www.owasp.org/images/c/c4/2017-04-20-OWASPNZ-SpagnuoloWeichselbaum.pdf
http://sebastian-lekies.de/csp/bypasses.php
Might be able to generate a CSP policy at build-time based on hashes of JS files. Can't use nonces since they need to be different on each request.
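
The build-time approach described above, as an added example that is not part of the original note: it hashes each built JS file and emits a static `script-src` hash list plus `<script>` tags carrying the matching `integrity` value, so nothing has to change per request. Assumptions: the file names and contents are constructed samples, the function names are hypothetical, the `object-src` and `base-uri` directives are additions, and allowing external files by hash relies on the browser's CSP Level 3 handling of `integrity`.

```python
import base64
import hashlib
import html

CSP_HASH_ALGS = ("sha256", "sha384", "sha512")  # the algorithms CSP hash sources accept


def csp_hash(content: bytes, alg: str = "sha384") -> str:
    """Return a CSP/SRI hash token of the form '<alg>-<base64 digest>'."""
    if alg not in CSP_HASH_ALGS:
        raise ValueError(f"unsupported CSP hash algorithm: {alg}")
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def build_csp(scripts: dict[str, bytes], alg: str = "sha384") -> tuple[str, list[str]]:
    """Return (Content-Security-Policy value, <script> tags) for built JS files.

    `scripts` maps the URL path a file is served from to its exact bytes.
    """
    # Sort so the same build output always yields the same header.
    hashes = {path: csp_hash(body, alg) for path, body in sorted(scripts.items())}
    # Identical files share one hash source; with no scripts, allow none.
    unique = dict.fromkeys(hashes.values())
    sources = " ".join(f"'{h}'" for h in unique) or "'none'"
    # object-src / base-uri are assumed hardening directives, not from the note.
    header = f"script-src {sources}; object-src 'none'; base-uri 'none'"
    tags = [
        f'<script src="{html.escape(path, quote=True)}" integrity="{h}"></script>'
        for path, h in hashes.items()
    ]
    return header, tags


# Constructed sample build output (in a real build, read the bytes from disk).
SAMPLE_BUILD = {
    "/static/app.js": b"console.log('app');\n",
    "/static/vendor.js": b"console.log('vendor');\n",
}

if __name__ == "__main__":
    header, tags = build_csp(SAMPLE_BUILD)
    print("Content-Security-Policy:", header)
    print("\n".join(tags))
```

Any change to a file's bytes changes its hash, so the policy has to be regenerated in the same build step that produces the files.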