Excercises CSP

Question 1)

I want to create a CSP header with the following properties: By default, I want it to only accept any resource from the domain itself. I want scripts to be allowed from google.com and images as well.

Question 2)

I want to create a CSP meta tag with the following properties:

• the default source should be from anywhere

• the images should only come from HTTPS domains, any domain as long as it's HTTPS

• The stylesheets should only come from https://www.google.com

Question 3)

I want to create a CSP header with the following properties:

• the default source should be from anywhere

• the stylesheets should only come from https://www.google.com or https://www.yahoo.com

• i need scripts to be evaluated unsafe inline because we are migrating our servers