DYNAMIC SOURCE VALUES FOR CONTENT SECURITY POLICIES

    Publication (Announcement) No.: US20250030738A1

    Publication (Announcement) Date: 2025-01-23

    Application No.: US18227089

    Application Date: 2023-07-27

    Applicant: eBay Inc.

    Abstract: Systems and methods dynamically generate content security policy (CSP) headers using CSP definitions having dynamic source values. When a request for a web application is received, a CSP definition corresponding to the web application and having a dynamic source value is retrieved from a repository of CSP definitions. A CSP header is generated based on the CSP definition. The CSP header includes a source value dynamically generated based on the dynamic source value and a domain associated with the requested web application. The CSP header is provided as a response header for the requested web application.

    SELF-HEALING CONTENT SECURITY POLICIES

    Publication (Announcement) No.: US20250030747A1

    Publication (Announcement) Date: 2025-01-23

    Application No.: US18227099

    Application Date: 2023-07-27

    Applicant: eBay Inc.

    Abstract: Systems and methods provide for self-healing content security policies (CSPs). In accordance with some aspects, CSP violation information is received identifying a CSP violation for a CSP header and a violating source for the CSP violation. The violating source for the CSP violation is compared against a list of trusted sources. Based on the comparison, a first trusted source in the list of trusted sources is identified as matching the violating source for the CSP violation. Responsive to identifying the first trusted source as matching the violating source, a CSP definition associated with the CSP header is caused to be updated to include a source value based on the violating source or the first trusted source to provide an updated CSP definition.
