rspec/rules/S7074/common/extra-mile/csp.adoc

A Content Security Policy helps prevent the injection of malicious content. 
Define a CSP that restricts the sources of content that can be loaded by your application.

[source,javascript]
----
mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {
  callback({
    responseHeaders: {
      ...details.responseHeaders,
      'Content-Security-Policy': ["default-src 'self'; script-src 'self' https://example.com"]
    }
  });
});
----
Create rule S7074: webSecurity should be enabled (#4302) * Add html to rule S7074 * Add html for S7074 --------- Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com> Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com> 2024-09-19 16:03:28 +02:00			`A Content Security Policy helps prevent the injection of malicious content.`
			`Define a CSP that restricts the sources of content that can be loaded by your application.`

			`[source,javascript]`
			`----`
			`mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {`
			`callback({`
			`responseHeaders: {`
			`...details.responseHeaders,`
			`'Content-Security-Policy': ["default-src 'self'; script-src 'self' https://example.com"]`
			`}`
			`});`
			`});`
			`----`