when i analyze my web page i've got this problem.
Set up a "Content-Security-Policy" (CSP) HTTP header. To specify a security policy on the source of your resources, configure your server so the response of the first resource contains the "Content-Security-Policy" HTTP header.
Here's an example:
Content-Security-Policy: script-src 'self' https://apis.google.com In this case, the page loads correctly provided that all the scripts come from the current host or https://apis.google.com.
What does this actually mean?
Aucun commentaire:
Enregistrer un commentaire