Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Christoph Rumpel
April 24, 2018
Technology
1
120
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
100
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
180
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
580
Debugging with PhpStorm & XDebug
christophrumpel
0
260
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
790
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
170
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
320
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
260
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
240
Other Decks in Technology
See All in Technology
AI が Approve する開発フロー / How AI Reviewers Accelerate Our Development
zaimy
1
230
Serverless Agent Architecture on Azure / serverless-agent-on-azure
miyake
1
110
「データとの対話」の現在地と未来
kobakou
0
970
Vertex AI Agent Engine で学ぶ「記憶」の設計
tkikuchi
0
110
サンタコンペ2025完全攻略 ~お前らの焼きなましは遅すぎる~
terryu16
1
540
ソフトウェアアーキテクトのための意思決定術: Create Decision Readiness—The Real Skill Behind Architectural Decision
snoozer05
PRO
27
7.6k
AI活用を"目的"にしたら、データの本質が見えてきた - Snowflake Intelligence実験記 / chasing-ai-finding-data
pei0804
0
820
Snowflakeデータ基盤で挑むAI活用 〜4年間のDataOpsの基礎をもとに〜
kaz3284
1
290
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
4
22k
Data Hubグループ 紹介資料
sansan33
PRO
0
2.8k
Lookerの最新バージョンv26.2がやばい話
waiwai2111
1
140
[続・営業向け 誰でも話せるOCI セールストーク] AWSよりOCIの優位性が分からない編(2026年2月20日開催)
oracle4engineer
PRO
0
140
Featured
See All Featured
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
davidcarrasco
2
65
BBQ
matthewcrist
89
10k
jQuery: Nuts, Bolts and Bling
dougneiner
65
8.4k
Making the Leap to Tech Lead
cromwellryan
135
9.7k
Making Projects Easy
brettharned
120
6.6k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
620
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
450
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.1k
The Language of Interfaces
destraynor
162
26k
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
210
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
660
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
62
50k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN
christophrumpel
zaimy
miyake
kobakou
tkikuchi
terryu16
snoozer05
pei0804
kaz3284
sansan33
waiwai2111
oracle4engineer
davidcarrasco
matthewcrist
dougneiner
cromwellryan
brettharned
kimpetersen
inesmontani
destraynor
techseoconnect
nmsamuel
soudai
