3.4.3.1 About Content Security Policy (CSP)
Learn about Content Security Policy (CSP).
Content Security Policy (CSP) is a web security standard that helps prevent a wide range of attacks, including Cross-Site Scripting (XSS) and data injection attacks, by controlling which content can be loaded and executed in the browser. By setting CSP headers, application developers instruct the browser to only execute or render resources from trusted sources. Anything not matching the defined policy will be blocked.
Note:
Oracle APEX is making progress towards CSP compliance by focusing on eliminating the need for 'unsafe-inline'. This is achieved through the use of a nonce in script and style tags, and by reducing inline JavaScript and inline styles. However, not all APEX components are fully CSP-compliant yet. Developers should be aware that some legacy components or features might still require further adaptation in future releases.
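The following added example (not Oracle APEX code; all function names are hypothetical) models in simplified form how a browser decides whether an inline script may run. It shows why a nonce-based policy blocks injected markup that a policy with 'unsafe-inline' would let through. Hash sources and 'strict-dynamic' are left out.

```javascript
// Added illustration; not Oracle APEX code. Function names are hypothetical.
const { randomBytes } = require('crypto');

// A fresh, unpredictable nonce must be generated for every response.
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Build a nonce-based policy header value that does not need 'unsafe-inline'.
function buildPolicy(nonce) {
  return `script-src 'self' 'nonce-${nonce}'; style-src 'self' 'nonce-${nonce}'`;
}

// Parse a policy string into { directive: [source expressions] }.
function parsePolicy(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources; // first wins
  }
  return directives;
}

// Simplified model of the browser's decision for an inline <script> tag.
function inlineScriptAllowed(policy, tagNonce) {
  const d = parsePolicy(policy);
  const sources = d['script-src'] || d['default-src'];
  if (!sources) return true; // no governing directive: nothing is restricted
  const nonces = sources
    .filter((s) => /^'nonce-.+'$/i.test(s))
    .map((s) => s.slice(7, -1)); // strip "'nonce-" and the closing quote
  if (nonces.length > 0) {
    // When a nonce source is present, 'unsafe-inline' is ignored.
    return nonces.includes(tagNonce);
  }
  return sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
}

// Constructed sample: the page's own tag versus an injected tag.
const nonce = newNonce();
const strict = buildPolicy(nonce);
const legacy = "script-src 'self' 'unsafe-inline'";
console.log('strict, tag carries nonce:', inlineScriptAllowed(strict, nonce));
console.log('strict, injected tag     :', inlineScriptAllowed(strict, null));
console.log('legacy, injected tag     :', inlineScriptAllowed(legacy, null));
```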