Scheme is CSP’s Weakest Link
A Content Security Policy (CSP) is the seatbelt against client-side attacks like Cross-Site Scripting and Clickjacking. It is very common to find a CSP that allows resources to be loaded only from specific domains, in order to limit the attack surface. But why use schemes?