CSP in Adobe Commerce
5 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which directive in the csp_whitelist.xml file specifies the domains that are allowed to embed the current page in an iframe?

  • connect-src
  • frame-ancestors (correct)
  • default-src
  • frame-src

Which directive in the csp_whitelist.xml file specifies the domains that are allowed to be loaded by the current page through a <script> tag or XMLHttpRequest?

  • frame-ancestors
  • default-src
  • frame-src
  • connect-src (correct)

What error message will be displayed in the console when an iframe violates the Content Security Policy directive?

  • Refused to frame [URL] because it violates the Content Security Policy directive. (correct)
  • Refused to connect to [URL] because it violates the Content Security Policy directive.
  • Refused to render [URL] because it violates the Content Security Policy directive.
  • Refused to load script from [URL] because it violates the Content Security Policy directive.

What file should an Adobe Commerce developer add the correct policy ids to in order to fix the error caused by violating the Content Security Policy directive?

<p>csp_whitelist.xml (A)</p> Signup and view all the answers

What is the purpose of the Content Security Policy (CSP)?

<p>To prevent cross-site scripting (XSS) attacks. (D)</p> Signup and view all the answers

More Like This

Use Quizgecko on...
Browser
Browser