Hey everyone, I’ve released a new version of my library plug_content_security_policy, which aids in the generation of CSP headers for Plug/Phoenix applications.
Setting a Content Security Policy header for your application helps mitigate the risk of cross-site scripting and malicious asset injection by letting you control what sorts of requests are allowed from a page. See the link above for more info and examples.
Version 0.2 of PlugContentSecurityPolicy adds support for report-only mode, which you can use to test your policy for violations without breaking those requests on your site.
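
What report-only mode changes at the HTTP level, shown as an added example that is not code from plug_content_security_policy and does not use its API. It is a hand-written Plug that builds a policy string and chooses between the enforcing and report-only header names; the module name `ExampleCSP`, the sample directives, `cdn.example.com` and `/csp-report` are all assumptions, and only the `plug` dependency is required.

```elixir
defmodule ExampleCSP do
  @moduledoc """
  Added example: a minimal Plug that emits a Content Security Policy
  either in enforcing mode or in report-only mode.
  """
  @behaviour Plug
  import Plug.Conn, only: [put_resp_header: 3]

  # Constructed sample policy; the CDN host and report path are placeholders.
  @default_directives [
    {"default-src", ["'self'"]},
    {"script-src", ["'self'", "https://cdn.example.com"]},
    {"img-src", ["'self'", "data:"]},
    {"object-src", ["'none'"]},
    {"report-uri", ["/csp-report"]}
  ]

  @impl true
  def init(opts) do
    %{
      directives: Keyword.get(opts, :directives, @default_directives),
      report_only: Keyword.get(opts, :report_only, false)
    }
  end

  @impl true
  def call(conn, %{directives: directives, report_only: report_only}) do
    put_resp_header(conn, header_name(report_only), build_policy(directives))
  end

  # The enforcing header makes the browser block violating requests.
  # The report-only header makes it log and report them but still load them.
  # Plug expects response header names in lowercase.
  def header_name(true), do: "content-security-policy-report-only"
  def header_name(false), do: "content-security-policy"

  # Turns [{"script-src", ["'self'", "https://..."]}, ...] into
  # "script-src 'self' https://...; ..." as the header value.
  def build_policy(directives) do
    directives
    |> Enum.map(fn {name, sources} -> Enum.join([name | sources], " ") end)
    |> Enum.join("; ")
  end
end
```

With `plug ExampleCSP, report_only: true` in a router or endpoint, a page that loads a script from an unlisted host still works, and the browser records the violation in its console and posts it to the `report-uri` endpoint; switching to `report_only: false` makes the same policy block that request.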