Content Security Policy - Spring Security
This demo application shows you how to integrate a Content Security Policy (CSP) into a Spring Boot-based web application. Because Thymeleaf automatically protects against Cross-Site Scripting (XSS), that protection is explicitly turned off in this demo.
Content Security Policy
You can see the CSP in action by trying to inject JavaScript code into the text field below. Open a browser console to see the error message for blocked content.
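One way to send such a policy from Spring Security, as an added example that is not the demo application's own code: the class name `CspSecurityConfig` and the policy string are assumptions chosen for illustration. With `script-src 'self'` and no `'unsafe-inline'`, the browser refuses inline `<script>` blocks and inline event handlers, which is the kind of blocked content reported in the console.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class (not taken from the demo application).
@Configuration
@EnableWebSecurity
public class CspSecurityConfig {

    // Assumed policy for illustration:
    //   default-src 'self'     -> resources load only from the application's own origin
    //   script-src 'self'      -> no 'unsafe-inline', so injected inline scripts and
    //                             inline event handlers are not executed
    //   object-src 'none'      -> no plugin content
    //   base-uri 'self'        -> an injected <base> tag cannot redirect relative URLs
    //   frame-ancestors 'none' -> the page cannot be framed by other sites
    private static final String POLICY =
            "default-src 'self'; "
          + "script-src 'self'; "
          + "object-src 'none'; "
          + "base-uri 'self'; "
          + "frame-ancestors 'none'";

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // The demo form is assumed to be public; adjust for a real application.
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
            // Adds the Content-Security-Policy response header to every response.
            .headers(headers -> headers
                .contentSecurityPolicy(csp -> csp.policyDirectives(POLICY)));
        return http.build();
    }
}
```

The CSP is a second line of defence here: in an application that keeps Thymeleaf's automatic protection enabled, the policy only has to stop what slips past it.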