Content Security Policy

Ember makes use of a new security layer in JavaScript for detecting cross-origin requests before they hit your server. The working standard is called Content Security Policy. Ember CLI has a contentSecurityPolicy object to add the appropriate information. The defaults are fairly strict when it comes to requesting data, scripts, images, styles, and other file types outside of your app’s domain.

There is an addon to set some defaults and integrate the security policy into your app: ember-cli-content-security-policy. You do not need it for Tracker, but it is good to know about. This addon makes it easier to add environment variables to set the security policy. The security policy object will work with the browser ...
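The following is an added example, not code from the book, Ember CLI, or the addon: it serializes a contentSecurityPolicy-style object into the header value the browser enforces and flags entries that loosen the strict defaults. The object shape (CSP directive names as keys, source lists as values), the function names, and the api.example.com host are assumptions made for illustration.

```javascript
// Constructed sample policy; keys are standard CSP directive names.
// The directive -> sources object shape is an assumption of this example.
const samplePolicy = {
  'default-src': "'none'",
  'script-src': "'self' 'unsafe-eval'",
  'connect-src': ["'self'", 'https://api.example.com'],
  'img-src': '*',
  'style-src': "'self' 'unsafe-inline'",
};

// Source expressions that substantially weaken whichever directive holds them.
const RISKY = new Set(["'unsafe-inline'", "'unsafe-eval'", '*', 'http:', 'https:']);

// Normalize a directive value (string or array) into a list of source tokens.
function sources(value) {
  const list = Array.isArray(value) ? value : String(value).split(/\s+/);
  return list.map((s) => s.trim()).filter(Boolean);
}

// Serialize the object into a Content-Security-Policy header value.
function buildHeader(policy) {
  return Object.entries(policy)
    .map(([directive, value]) => `${directive} ${sources(value).join(' ')}`)
    .join('; ');
}

// Report weak sources per directive, plus a missing default-src fallback.
function auditPolicy(policy) {
  const findings = [];
  if (!('default-src' in policy)) {
    findings.push('default-src: missing, unlisted resource types are unrestricted');
  }
  for (const [directive, value] of Object.entries(policy)) {
    for (const src of sources(value)) {
      if (RISKY.has(src)) findings.push(`${directive}: allows ${src}`);
    }
  }
  return findings;
}

console.log(buildHeader(samplePolicy));
auditPolicy(samplePolicy).forEach((finding) => console.log('WARN', finding));
```

Running the audit in CI against the policy object catches a loosened directive before it ships.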
