Osano and Content Security Policies (CSPs)
Content Security Policies
Content Security Policies are an added security layer that helps detect and mitigate certain types of attacks (ex. Cross-Site Scripting, data injection, etc.). Osano may be used with or without a CSP.
To enable CSP, you would need to configure your webserver to return the
Content-Security-Policy HTTP header.
<meta> element could be used to configure a policy, for example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; child-src 'none';">
Implementing Osano with a CSP
If you are utilizing a CSP, certain allowances may need to be made to your CSP for Osano to run appropriately.
blob: URIs to be used as a content source.
For example (this may differ from CSP to CSP):
<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline' http: https: 'self'; script-src blob: http: https: 'self';">