Code Room
Coding | Medium | cod-g1121
Subject: Security | Level: Mid–Senior | ~25 min | Common in Security interviews | Industries: Software development

Question

Build a Content-Security-Policy header string from a directives mapping (directive name -> list of source values), enforcing two rules. (1) Within each directive's source list, deduplicate while preserving first-seen order. (2) If a directive's sources contain "'none'", that directive must collapse to exactly "'none'" (any other sources are dropped). Emit directives in the dict's iteration order, each as 'name source1 source2', joined by '; '. Skip directives with an empty source list entirely. Return the final header string.

Implement
build_csp(directives: dict) → str
Examples
in: [{"img-src":["'self'","data:","'self'"],"default-src":["'self'"]}]
out: "default-src 'self'; img-src 'self' data:"
What a strong answer looks like

State your approach and its time/space complexity out loud before you optimize. Handle the edge cases (empty input, duplicates, overflow), and say why you chose this over the brute force. Green tests are the floor, not the grade.
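
A reference implementation of the rules in the question, added here as an example and not part of the original page. It assumes the mapping iterates in insertion order, so the expected output shown under Examples corresponds to a mapping whose first key is default-src. It also goes one step beyond the stated rules: the hypothetical helper `_check_token` rejects directive names and sources containing `;`, `,`, whitespace or control characters, because those would change the structure of the emitted policy.

```python
import re

# Characters that would change the policy's structure if they appeared inside
# a directive name or source value: ';' ends a directive, ',' ends a policy,
# and whitespace/control characters split tokens or break the header line.
_UNSAFE = re.compile(r"[;,\s\x00-\x1f\x7f]")


def _check_token(token, kind):
    """Return token unchanged, or raise if it could not be a single CSP token.

    This validation is an assumption added by this example; the question
    itself only specifies deduplication, 'none' collapse and empty skipping.
    """
    if not isinstance(token, str) or not token or _UNSAFE.search(token):
        raise ValueError(f"invalid CSP {kind}: {token!r}")
    return token


def build_csp(directives: dict) -> str:
    """Build a Content-Security-Policy header value.

    Runs in O(total number of sources) time and space.
    """
    parts = []
    for name, sources in directives.items():  # dict insertion order
        if not sources:
            continue  # rule: skip directives with an empty source list
        _check_token(name, "directive name")
        # dict.fromkeys keeps the first occurrence of each key, in order.
        unique = list(dict.fromkeys(_check_token(s, "source") for s in sources))
        if "'none'" in unique:
            unique = ["'none'"]  # rule (2): 'none' excludes every other source
        parts.append(f"{name} {' '.join(unique)}")
    return "; ".join(parts)


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    sample = {
        "default-src": ["'self'"],
        "img-src": ["'self'", "data:", "'self'"],
        "object-src": ["'self'", "'none'"],
        "frame-src": [],
    }
    print(build_csp(sample))
```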
