How does Content Security Policy work?
I’m getting a bunch of errors in the developer console:
Refused to evaluate a string
Refused to execute inline script because it violates the following Content Security Policy directive
Refused to load the script
Refused to load the stylesheet
What’s this all about? How does Content Security Policy work? How do I use the Content-Security-Policy HTTP header?
Specifically, how to…
…allow multiple sources?
…use different directives?
…use multiple directives?
…handle different protocols?
…allow file:// protocol?
…use inline styles, scripts, and tags