CSP for AWS Cognito Hosted UI
AWS Cognito Hosted UI is convenient right up until you want a serious Content Security Policy. Then you hit the wall: you don’t control the response headers for the managed login pages the way you would on your own app. That changes how you think about CSP completely. This guide is the practical version: what you can and can’t do, where CSP actually applies, and copy-paste examples for the setups I see most often. ...