| CPC H04L 63/205 (2013.01) [H04L 63/1433 (2013.01); H04L 63/20 (2013.01)] | 17 Claims |

1. A computer-implemented method comprising:
receiving, by at least one server from one or more servers, content security policy (CSP) violation information identifying a CSP violation for a CSP header and a violating source for the CSP violation;
comparing, by at least one server from the one or more servers, the violating source for the CSP violation to a list of trusted sources;
identifying, by at least one server of the one or more services, a first trusted source in the list of trusted sources matching the violating source for the CSP violation;
responsive to identifying the first trusted source as matching the violating source, causing, by at least one server from the one or more servers, a CSP definition associated with the CSP header to include a source value based on the violating source or the first trusted source to provide an updated CSP definition in a repository of CSP definitions;
receiving, by a frontend server, a webpage request from a user device requesting a webpage;
in response to receiving the webpage request, retrieving, by the frontend server, the updated CSP definition from the repository of CSP definitions;
generating, by the frontend server, an updated CSP header based on the updated CSP definition, the updated CSP header including the source value; and
providing, by the frontend server to the user device, the CSP header as a response header for the requested webpage.
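The flow recited in claim 1, sketched in Python as an added illustration; it is not code from the patent or its assignee. Assumptions: violation information arrives as the JSON `csp-report` body browsers send to a `report-uri` endpoint, the repository is an in-memory dict keyed by page path, and every name and sample value below is hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample data (hypothetical): trusted list and per-page CSP definitions.
TRUSTED_SOURCES = ["https://cdn.example.com", "*.static.example.net"]
CSP_REPOSITORY = {"/checkout": {"default-src": ["'self'"], "script-src": ["'self'"]}}


def match_trusted(blocked_uri, trusted=TRUSTED_SOURCES):
    """Return the trusted-list entry matching the violating source, or None."""
    try:
        parts = urlsplit(blocked_uri)
        host, port = (parts.hostname or "").lower(), parts.port
    except ValueError:  # malformed port or IPv6 literal in a client-supplied value
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None  # keyword values such as "inline" or "eval" never match
    origin = f"{parts.scheme}://{host}" + (f":{port}" if port else "")
    for entry in trusted:
        if entry.startswith("*."):
            if host.endswith(entry[1:]):  # suffix keeps its dot: true subdomains only
                return entry
        elif entry == origin:
            return entry
    return None


def handle_violation_report(body, page, repo=CSP_REPOSITORY):
    """Add the matched trusted source to the violated directive; ignore the rest."""
    report = json.loads(body)["csp-report"]
    directive = report.get("effective-directive") or report["violated-directive"].split()[0]
    directive = directive.removesuffix("-elem").removesuffix("-attr")
    source = match_trusted(report.get("blocked-uri", ""))
    if source is None:
        return False  # reports are client-supplied: policy widens only via the trusted list
    definition = repo[page]
    # A new directive replaces the default-src fallback, so seed it from default-src.
    values = definition.setdefault(directive, list(definition.get("default-src", [])))
    if source not in values:
        values.append(source)
    return True


def build_csp_header(page, repo=CSP_REPOSITORY):
    """Frontend step: render the stored definition as the response header value."""
    return "; ".join(f"{d} {' '.join(v)}" for d, v in repo[page].items())
```

The trusted-list entry, not the raw reported URI, is what gets written to the definition, so a forged report cannot place an arbitrary string in the header.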