Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
110
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
79
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
150
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
550
Debugging with PhpStorm & XDebug
christophrumpel
0
240
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
760
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
140
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
300
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
240
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
210
Other Decks in Technology
See All in Technology
DataOpsNight#8_Terragruntを用いたスケーラブルなSnowflakeインフラ管理
roki18d
1
310
BirdCLEF+2025 Noir 5位解法紹介
myso
0
170
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
130
後進育成のしくじり〜任せるスキルとリーダーシップの両立〜
matsu0228
1
610
Pythonによる契約プログラミング入門 / PyCon JP 2025
7pairs
5
2.4k
動画データのポテンシャルを引き出す! Databricks と AI活用への奮闘記(現在進行形)
databricksjapan
0
120
BtoBプロダクト開発の深層
16bitidol
0
150
多野優介
tanoyusuke
1
110
空間を設計する力を考える / 20251004 Naoki Takahashi
shift_evolve
PRO
3
140
Findy Team+のSOC2取得までの道のり
rvirus0817
0
260
Modern_Data_Stack最新動向クイズ_買収_AI_激動の2025年_.pdf
sagara
0
150
Go Conference 2025: GoのinterfaceとGenericsの内部構造と進化 / Go type system internals
ryokotmng
3
560
Featured
See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
A Modern Web Designer's Workflow
chriscoyier
697
190k
4 Signs Your Business is Dying
shpigford
185
22k
GitHub's CSS Performance
jonrohan
1032
460k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.1k
Code Reviewing Like a Champion
maltzj
525
40k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
61k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Become a Pro
speakerdeck
PRO
29
5.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
30
9.7k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN