by p_ing 517 days ago
CORS policy would say "okay end user, you can load everything from me, but also get jquery from <some jquery CDN>. No resources can come from anywhere else".

It's not a bad idea to just put in a CSP (always put in a CSP!), CORS policy, and Same-Origin. This is configured on your app rather than the server (usually).

MDN is one of the better resources for this, and links out to other authoritative resources in the additional info section of a directive.

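The allowlist behaviour the comment describes (the page's own origin plus one CDN, nothing else) is what a Content-Security-Policy `script-src` directive expresses. As an added example that is not part of the thread, this Python evaluator parses such a header and decides whether a given script URL would be permitted, with `script-src` falling back to `default-src` the way a browser does; the hostnames are constructed placeholders, and port matching is simplified.

```python
"""Check a resource URL against a Content-Security-Policy allowlist."""
from urllib.parse import urlsplit

# Constructed sample values; the hostnames are placeholders, not real sites.
PAGE_ORIGIN = "https://app.example.test"
SAMPLE_CSP = "default-src 'self'; script-src 'self' https://cdn.jquery-example.test"


def parse_csp(header: str) -> dict:
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _host_matches(pattern: str, host: str) -> bool:
    """Host-part match, including a leading '*.' wildcard label."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return pattern == host


def source_allows(expr: str, url: str, page_origin: str) -> bool:
    """Does a single source expression permit loading `url` from `page_origin`?"""
    target, page = urlsplit(url), urlsplit(page_origin)
    expr = expr.lower()
    if expr == "'self'":
        return (target.scheme, target.netloc) == (page.scheme, page.netloc)
    if expr.startswith("'"):          # 'none', nonces, hashes: never match a URL fetch
        return False
    if expr.endswith(":") and "/" not in expr:   # scheme-source such as "https:"
        return target.scheme == expr[:-1]
    if "://" not in expr:             # bare host: inherits the page's scheme
        expr = page.scheme + "://" + expr
    allowed = urlsplit(expr)
    # Ports are compared literally here; the spec additionally maps default ports.
    return (target.scheme == allowed.scheme
            and _host_matches(allowed.hostname, target.hostname)
            and allowed.port == target.port)


def script_allowed(header: str, url: str, page_origin: str = PAGE_ORIGIN) -> bool:
    """Apply script-src, falling back to default-src as the browser would."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:               # no governing directive: nothing restricted
        return True
    return any(source_allows(s, url, page_origin) for s in sources)
```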

Okay, I’ll give it a try by mocking up an attack on a secure app of mine I’m making. Thanks!!!