Complete the code to add a Content Security Policy header in Django middleware.
response["Content-Security-Policy"] = [1]
The Content Security Policy header should specify allowed sources. "default-src 'self'" restricts content to the same origin, which is a common safe default.
Complete the middleware method to set the CSP header on the response.
def __call__(self, request):
    response = self.get_response(request)
    response["Content-Security-Policy"] = [1]
    return response
Setting the header to "default-src 'self'" allows resources only from the same origin, which is a secure default.
Fix the error in this CSP header assignment to allow scripts only from the same origin.
response["Content-Security-Policy"] = [1]
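The correct syntax requires single quotes around 'self' in the directive. Without the quotes, self is read as a hostname rather than the same-origin keyword, so the policy does not restrict scripts as intended.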
Fill both blanks to create a CSP that allows images from the same origin and scripts only from trusted.com.
response["Content-Security-Policy"] = [1] + "; " + [2]
The policy allows images only from the same origin and scripts only from https://trusted.com.
Fill all three blanks to build a CSP that allows styles from 'self', scripts from trusted.com, and blocks all frames.
response["Content-Security-Policy"] = [1] + "; " + [2] + "; " + [3]
This CSP allows styles only from the same origin, scripts only from trusted.com, and blocks all frames by setting frame-src to 'none'.
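The exercises above, put together as one middleware. This is an added example, not code from the original page. The names build_csp, CSPMiddleware, POLICY and KEYWORDS are hypothetical, and a plain dict stands in for Django's HttpResponse so the block runs without Django installed.

```python
# Added example: build_csp, CSPMiddleware, POLICY and KEYWORDS are hypothetical names.
KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"}


def build_csp(directives):
    """Join {directive: [sources]} into a header value, rejecting unquoted keywords."""
    parts = []
    for name, sources in directives.items():
        for src in sources:
            # An unquoted keyword such as self is parsed as a hostname, not as
            # the same-origin keyword, so catch that mistake before it ships.
            if src.lower() in KEYWORDS:
                raise ValueError(f"{name}: write '{src}' with single quotes")
        parts.append(" ".join([name, *sources]))
    return "; ".join(parts)


# The three-directive policy from the last exercise.
POLICY = {
    "style-src": ["'self'"],
    "script-src": ["https://trusted.com"],
    "frame-src": ["'none'"],
}


class CSPMiddleware:
    """Django-style middleware that sets the CSP header on every response."""

    def __init__(self, get_response):
        self.get_response = get_response
        # Build once at startup so a malformed policy fails at load time.
        self.header_value = build_csp(POLICY)

    def __call__(self, request):
        response = self.get_response(request)
        response["Content-Security-Policy"] = self.header_value
        return response


if __name__ == "__main__":
    # Constructed stand-in: a dict supports the same response[...] = value
    # assignment as Django's HttpResponse.
    middleware = CSPMiddleware(lambda request: {})
    print(middleware(None)["Content-Security-Policy"])
```

In a Django project the class would be listed by its dotted path in the MIDDLEWARE setting.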