Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
Technology
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101: Can Christoph do 40 slides in 5 minutes?
ABOUT ME
CHRISTOPH RUMPEL: Web Developer, PHP / Laravel, Chatbots, Talks. @christophrumpel, christoph-rumpel.com
SECURITY IS HARD
SSL, Input Handling, Updates, Packages, Extension, CSRF, Nonces, Weak Typing, Error Handling, Storing Credentials, Server Access, SQL Prepared Statements, Passwords, Brute Force Attacks
FAMOUS LEAKS: Adobe, Playstation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
EXAMPLE: Content-Security-Policy: img-src *; script-src 'self';
DIRECTIVES: img-src *; script-src 'self'; (the directives here are img-src and script-src)
LOCATIONS: img-src *; script-src 'self'; (the locations here are * and 'self')
TRANSLATED: img-src * means images are allowed to be loaded from any resource
TRANSLATED: script-src 'self' means scripts are allowed to be loaded from the current site's origin only
DIRECTIVES: img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS: *, 'self', domain.example.com, *.example.com, 'none', ...
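A small policy matcher for the header format shown above, added here as an example that is not part of the original deck: it parses a policy into directives and locations and decides whether a resource URL may load under a given directive. It models only the location forms listed on the slides (*, 'self', 'none', a host, *.host) by hostname; schemes, ports, paths, hashes and nonces are assumed out of scope.

```python
from urllib.parse import urlparse

# Policy string taken from the talk's example slide.
EXAMPLE_POLICY = "img-src *; script-src 'self';"


def parse_csp(header: str) -> dict:
    """Split 'img-src *; script-src 'self';' into {directive: [locations]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def location_matches(location: str, url_host: str, page_host: str) -> bool:
    """Host-only model of one CSP location (assumption: scheme/port ignored)."""
    if location == "*":
        return True
    if location == "'none'":
        return False
    if location == "'self'":
        return url_host == page_host
    if location.startswith("*."):
        # '*.example.com' covers subdomains only, never example.com itself
        return url_host.endswith(location[1:])
    return url_host == location.lower()


def is_allowed(header: str, directive: str, url: str, page_url: str) -> bool:
    """Decide whether `url` may load under `directive` on a page at `page_url`.
    Fetch directives (img-src, script-src, ...) fall back to default-src when
    absent; with neither present, the policy imposes no restriction."""
    policy = parse_csp(header)
    locations = policy.get(directive, policy.get("default-src"))
    if locations is None:
        return True
    url_host = urlparse(url).hostname or ""
    page_host = urlparse(page_url).hostname or ""
    return any(location_matches(loc, url_host, page_host) for loc in locations)


def wildcard_directives(header: str) -> list:
    """Directives whose locations include '*'. For script-src that would let
    any origin supply executable code, so it is worth flagging in review."""
    return sorted(d for d, locs in parse_csp(header).items() if "*" in locs)
```

With the talk's example policy, an image from any host is allowed while a script from a third-party host is blocked, and `wildcard_directives` reports `['img-src']`.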
CSP christoph-rumpel.com
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot of the Policies screen)
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES:
Content Security Policy 101
Laravel Response Caching And CSP
CSP, Hash-Algorithm, and Turbolinks
Quick CSP Reference Guide
MDN web docs
CSP Level 2 W3C Recommendation
CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN