Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
110
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
65
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
130
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
530
Debugging with PhpStorm & XDebug
christophrumpel
0
220
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
750
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
130
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
280
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
240
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
190
Other Decks in Technology
See All in Technology
Amazon Bedrockで実現する 新たな学習体験
kzkmaeda
1
400
IIWレポートからみるID業界で話題のMCP
fujie
0
740
変化する開発、進化する体系時代に適応するソフトウェアエンジニアの知識と考え方(JaSST'25 Kansai)
mizunori
0
140
第9回情シス転職ミートアップ_テックタッチ株式会社
forester3003
0
150
AWS Summit Japan 2025 Community Stage - App workflow automation by AWS Step Functions
matsuihidetoshi
1
140
AWS CDK 実践的アプローチ N選 / aws-cdk-practical-approaches
gotok365
4
520
Amazon ECS & AWS Fargate 運用アーキテクチャ2025 / Amazon ECS and AWS Fargate Ops Architecture 2025
iselegant
16
4.7k
ObsidianをMCP連携させてみる
ttnyt8701
2
140
菸酒生在 LINE Taiwan 的後端雙刀流
line_developers_tw
PRO
0
1.1k
ハノーバーメッセ2025座談会.pdf
iotcomjpadmin
0
150
ひとり情シスなCTOがLLMと始めるオペレーション最適化 / CTO's LLM-Powered Ops
yamitzky
0
380
Observability infrastructure behind the trillion-messages scale Kafka platform
lycorptech_jp
PRO
0
130
Featured
See All Featured
Embracing the Ebb and Flow
colly
86
4.7k
How GitHub (no longer) Works
holman
314
140k
Docker and Python
trallard
44
3.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
181
53k
VelocityConf: Rendering Performance Case Studies
addyosmani
330
24k
The Invisible Side of Design
smashingmag
299
51k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
20
1.3k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.5k
Why Our Code Smells
bkeepers
PRO
337
57k
Music & Morning Musume
bryan
46
6.6k
Code Review Best Practice
trishagee
68
18k
The Cult of Friendly URLs
andyhume
79
6.4k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN