@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().contentSecurityPolicy("default-src 'self';" +
"style-src 'self' 'unsafe-inline';" +
"img-src 'self' data: ;" +
"script-src 'self' 'unsafe-inline'")
.and().contentTypeOptions()
.and().xssProtection()
.and().cacheControl()
.and().httpStrictTransportSecurity()
.and().frameOptions();
}
分享给朋友们怎样设置Springboot Content Security Policy 的