srikanthbollu
New Member
- Impact
- 0
In my project, I have backend (spring boot) and frontend (angular). The cybersecurity team wants CSP header in response-headers on every page.
I have provided them CSP header on all my endpoints authenticated or unauthenticated, but they also want it on navigation links which renders only from frontend like '/login'.
So, I have provided them CSP as meta-tag by adding it in index.html. Still, they want it as a response header.
Now, my questions
1: how important it is to have CSP on pages which do not load on the basis of backend interaction?
2: what are the best ways to achieve this?
I have provided them CSP header on all my endpoints authenticated or unauthenticated, but they also want it on navigation links which renders only from frontend like '/login'.
So, I have provided them CSP as meta-tag by adding it in index.html. Still, they want it as a response header.
Now, my questions
1: how important it is to have CSP on pages which do not load on the basis of backend interaction?
2: what are the best ways to achieve this?
