Microsoft explains Content Security Policy for Hosted Web Apps

2 min. read

Published onMarch 23, 2016

published onMarch 23, 2016

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

One of the new forms of apps for Windows 10 being promoted by Microsoft are Hosted Web Apps. While web apps have existed before on the Windows Store, in Microsoft’s newest OS, they finally go from simple wrappers to a powerful alternative to native apps, with the ability to access APIs reserved for Universal Windows Apps (UWA). Unfortunately, this also implies potential security risks, something Microsoft seems to be trying to prevent witha new educational blog post for developers on how to make Hosted Web Apps secure.

What sets Windows 10 Hosted Web Apps apart from their predecessors is the modern, up-to-date Microsoft Edge web platform and rendering engine. This means common techniques for web content security will work for Hosted Web Apps; the focus, however, is on a new feature: Content Security Policy.

Content Security Policy (CSP) is a new security layer invented by the W3C Web Application Security Working Group. It helps reduce risks of cross-site scripting and data injection – two common forms of webpage attacks – by allowing developers to specify where the resource for a particular webpage should come from. The post details how CSP works and some “best practices” for using CSP, including setting up Content URI rules and scope, and applying CSP to all pages that will have access to UWA APIs.

As the dearth of apps on Windows 10 Store continues, Hosted Web Apps is just one of the ways Microsoft is courting developers by minimizing their workload developing for Windows. That does not mean quantity should trump quality or security however, and it’s reassuring to see Microsoft address this issue before it becomes problematic; the rest, now, is up to developers.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Microsoft explains Content Security Policy for Hosted Web Apps#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft explains Content Security Policy for Hosted Web Apps