Content Security Policy - Spring Security

This demo application shows how to integrate a Content Security Policy (CSP) into a Spring Boot-based web application. Thymeleaf automatically protects against Cross-Site Scripting (XSS), so that protection is turned off explicitly in this demo.

Content Security Policy

You can see the CSP in action by trying to inject JavaScript code into the text field below. Open a browser console to see the error message for blocked content.
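
One way to send a CSP header from Spring Security, added here as an example and not the demo application's own code. The package and class names, the policy string and the permit-all rule are assumptions, and the lambda DSL shown is the Spring Security 6 style:

```java
package example.csp; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class CspSecurityConfig {

    // Assumed policy (not taken from the demo). No 'unsafe-inline' appears in
    // script-src, so inline <script> blocks and inline event handlers such as
    // onerror= are refused by the browser and reported in its console.
    static final String POLICY = String.join("; ",
            "default-src 'self'",      // fallback for fetch directives not listed below
            "script-src 'self'",       // only script files served from this origin
            "object-src 'none'",       // no plugins / <object> / <embed>
            "base-uri 'self'",         // an injected <base> cannot redirect relative URLs
            "form-action 'self'",      // forms may only post back to this origin
            "frame-ancestors 'none'"); // page may not be framed by any origin

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Assumption: the demo page is public, so every request is permitted.
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
            // Adds "Content-Security-Policy: <POLICY>" to every response.
            // Calling csp.reportOnly() as well would switch the header to
            // Content-Security-Policy-Report-Only, which logs but does not block.
            .headers(headers -> headers
                .contentSecurityPolicy(csp -> csp.policyDirectives(POLICY)));
        return http.build();
    }
}
```

With Thymeleaf's escaping turned off, the injected markup does reach the page; the policy above is what stops the browser from executing it.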