Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
110
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
53
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
110
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
520
Debugging with PhpStorm & XDebug
christophrumpel
0
210
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
740
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
120
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
270
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
230
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
180
Other Decks in Technology
See All in Technology
サーバシステムを無理なくコンテナ移行する際に伝えたい4つのポイント/Container_Happy_Migration_Method
ozawa
1
100
Multitenant 23ai の全貌 - 機能・設計・実装・運用からマイクロサービスまで
oracle4engineer
PRO
2
120
PostgreSQL Unconference #52 pg_tde
nori_shinoda
1
230
AIエージェントキャッチアップと論文リサーチ
os1ma
6
1.2k
頻繁リリース × 高品質 = 無理ゲー? いや、できます!/20250306 Shoki Hyo
shift_evolve
0
160
20250328_OpenAI製DeepResearchは既に一種のAGIだと思う話
doradora09
PRO
0
150
どっちの API SHOW?SharePoint 開発における SharePoint REST API Microsoft Graph API の違い / Which API show? Differences between Microsoft Graph API and SharePoint REST API
karamem0
0
110
17年のQA経験が導いたスクラムマスターへの道 / 17 Years in QA to Scrum Master
toma_sm
0
420
コンソールで学ぶ!AWS CodePipelineの機能とオプション
umekou
2
120
3/26 クラウド食堂LT #2 GenU案件を通して学んだ教訓 登壇資料
ymae
1
210
20250326_管理ツールの権限管理で改善したこと
sasata299
1
390
Riverpod & Riverpod Generatorを利用して状態管理部分の処理を書き換えてみる簡単な事例紹介
fumiyasac0921
0
110
Featured
See All Featured
Six Lessons from altMBA
skipperchong
27
3.7k
Unsuck your backbone
ammeep
670
57k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Site-Speed That Sticks
csswizardry
4
450
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.2k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
227
22k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Product Roadmaps are Hard
iamctodd
PRO
52
11k
The Language of Interfaces
destraynor
157
24k
Adopting Sorbet at Scale
ufuk
75
9.3k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN
christophrumpel
ozawa
oracle4engineer
nori_shinoda
os1ma
shift_evolve
doradora09
karamem0
toma_sm
umekou
ymae
sasata299
fumiyasac0921
skipperchong
ammeep
productmarketing
addyosmani
csswizardry
eileencodes
jcasabona
danielanewman
destraynor
iamctodd
ufuk
