Skip to content

[Security] Implement Strict Content Security Policy (CSP) #124

New issue
New issue
Open
Open
[Security] Implement Strict Content Security Policy (CSP)#124
Assignees
piyushsinghgaur1
@piyushsinghgaur1

Description

@piyushsinghgaur1
piyushsinghgaur1
opened on May 19, 2025

Description:

To enhance frontend security, implement a strong Content Security Policy (CSP) in the Angular frontend.

This protects the app against XSS, clickjacking, and code injection attacks by restricting trusted sources.

Tasks:

  • Define a strict CSP policy (e.g., 'default-src': ["'self'"])
  • Avoid 'unsafe-inline' unless absolutely required (and document it if used)
  • Remove <meta http-equiv="Content-Security-Policy"> from client app
  • Add whitelisted external domains (e.g., fonts, analytics, CDNs, etc.)
  • Ensure CSP configuration is environment-agnostic (dev/prod/stage)
  • Test application with CSP enabled in all environments
  • Validate via browser console: no CSP violations
  • Document the CSP configuration and update steps in the project README

Acceptance Criteria:

  • Application loads successfully with no CSP violations in browser console
  • All third-party resources are explicitly whitelisted in the CSP
  • Inline scripts and styles are avoided where possible
  • CSP policy is clearly documented and easy to update

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions