Great explanation...
Just have one concern.
How do we manage CSP in SPA single pge applications ?
Hey @shashankbhuvanala2952, the CSP is applied on the HTTP response that supplies the initial index.html (which then bootstraps the SPA). So, you'll need to make sure that request has your CSP headers (not the API calls)
Hehe time to learn something new thanks!