Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Christoph Rumpel
April 24, 2018
Technology
130
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
140
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
190
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
600
Debugging with PhpStorm & XDebug
christophrumpel
0
300
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
820
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
180
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
340
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
280
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
240
Other Decks in Technology
See All in Technology
そのタスクオンスケですか?
poropinai1966
0
120
AIで政治は変わるのか? — 中高生と考えたAI時代の民主主義(東海高校サタデープログラム)
eitarosuda
0
370
スタートアップにおけるアジャイルの実践について #shibuyagile
murabayashi
3
2k
グローバルチームと挑むプロダクト開発
sansantech
PRO
1
150
AIに「使われる」時代のSaaS戦略 〜既存WebAPIのMCPサーバー化における開発ノウハウ〜
ekispert_api
0
280
HookでSAST、CIでSAST、SCAでどうにかしている話 / layered-security-for-ai-written-code-with-sast-and-sca
yamaguchitk333
0
100
cccccc
moznion
0
1.7k
AWS Summit 2026で見えたSIerにとっての Amazon Quickの位置づけ
maf_0521
0
160
5分でわかるDuckDB Quack
chanyou0311
4
310
金融の未来を考える / Thinking About the Future of Finance
ks91
PRO
0
150
「ビジネスがわかるエンジニア」とは何か?
ryooob
0
490
#エンジニアBooks 30分でわかる 「技術記事を書く技術」 / engineer-books 2026-06-30
jnchito
1
180
Featured
See All Featured
HDC tutorial
michielstock
2
730
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
450
How to build a perfect <img>
jonoalderson
1
5.8k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Documentation Writing (for coders)
carmenintech
77
5.4k
Paper Plane
katiecoart
PRO
1
52k
Automating Front-end Workflow
addyosmani
1370
210k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
3
1.1k
Producing Creativity
orderedlist
PRO
348
40k
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
1
270
WCS-LA-2024
lcolladotor
0
670
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.2k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN