Django - Security Best Practices
Difficulty: hard · Application · Q15 of 15

You want to allow images from your own site and from https://images.example.com but block all other sources. Which CSP header directive is correct in Django?
A. response['Content-Security-Policy'] = "img-src 'self' https://images.example.com; default-src 'none'"
B. response['Content-Security-Policy'] = "default-src 'self' https://images.example.com"
C. response['Content-Security-Policy'] = "img-src *; default-src 'self'"
D. response['Content-Security-Policy'] = "img-src 'none'; default-src https://images.example.com"
Step-by-Step Solution
  1. Identify the directive that scopes image sources

     The img-src directive controls where images may be loaded from: 'self' allows the page's own origin, and https://images.example.com is listed explicitly as the only other permitted source.
  2. Block every other source by setting default-src to 'none'

     default-src is the fallback for any fetch directive that is not stated explicitly, so default-src 'none' blocks everything that is not listed. Note that this also blocks scripts, stylesheets, fonts and other resource types until they are given their own directives.
  3. Final Answer:

     response['Content-Security-Policy'] = "img-src 'self' https://images.example.com; default-src 'none'" -> Option A
  4. Quick Check:

     Images allowed from 'self' and https://images.example.com; all other sources blocked [OK]
Quick Trick: use img-src to scope images and default-src 'none' as the fallback that blocks every resource type you did not explicitly allow [OK]
Common Mistakes:
  • Relying on default-src alone (option B) allows too much: it also permits scripts, styles and other resource types from https://images.example.com, not just images
  • img-src * (option C) allows images from any origin, which is not secure
  • img-src 'none' (option D) blocks all images, the opposite of what is asked