Implementing CSP in a Microservices Stack: A Case Study
When people talk about Content Security Policy, they usually picture a single app with a single header set by a single server. That’s not how most production systems look anymore. A real microservices setup is messy. You have an edge proxy, maybe an API gateway, a frontend service doing SSR, a couple of backend APIs, static assets on a CDN, analytics scripts that marketing swears are non-negotiable, and at least one service that still injects inline JavaScript because “that’s how the template engine works.” ...