Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
Technology
This is the 5-minute version of the Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101: Can Christoph do 40 slides in 5 minutes?
ABOUT ME
Christoph Rumpel, web developer: PHP / Laravel, chatbots, talks. @christophrumpel, christoph-rumpel.com
SECURITY IS HARD
SSL, input handling, updates, packages, extensions, CSRF, nonces, weak typing, error handling, storing credentials, server access, SQL prepared statements, passwords, brute-force attacks
FAMOUS LEAKS: Adobe, PlayStation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
EXAMPLE: Content-Security-Policy: img-src *; script-src 'self';
DIRECTIVES (highlighted in the example): img-src, script-src
LOCATIONS (highlighted in the example): *, 'self'
TRANSLATED: img-src * means images are allowed to be loaded from any host.
TRANSLATED: script-src 'self' means scripts are allowed to be loaded from the current site's origin only.
DIRECTIVES: img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS: *, 'self', domain.example.com, *.example.com, 'none', ...
CSP: christoph-rumpel.com
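The slides show the header, its directives and its locations (source expressions) but not how a browser actually applies them. The following is an added example written for this page, not code from the talk or from the speaker: a small JavaScript model of CSP source matching that parses a header value and decides whether a resource URL may be loaded under a directive. It goes a little beyond the slides in two ways that matter in practice: '*' matches any host over http/https (and ws/wss) but never a data: URL, and fetch directives such as style-src that are missing from the policy fall back to default-src while form-action does not. The page URL (the speaker's domain) and the cdn.example.com / localhost URLs are constructed for the demo; it runs on Node.js and is a teaching model, not a full CSP3 engine (no paths, nonces, hashes or 'strict-dynamic').

```javascript
// Added example (not from the talk): a minimal CSP source-expression matcher.
// Assumes Node.js (WHATWG URL). Teaching model only: no paths, nonces, hashes.

const NETWORK_SCHEMES = new Set(["http:", "https:", "ws:", "wss:"]);

// CSP scheme-part matching: an expression scheme also accepts these upgrades.
const SCHEME_UPGRADES = { "http:": ["https:"], "ws:": ["wss:", "http:", "https:"], "wss:": ["https:"] };
function schemeMatches(expected, actual) {
  return expected === actual || (SCHEME_UPGRADES[expected] || []).includes(actual);
}

// Fetch directives that fall back to default-src when absent. form-action is
// a navigation directive and does not fall back.
const FALLS_BACK_TO_DEFAULT = new Set([
  "script-src", "style-src", "img-src", "font-src", "media-src", "connect-src",
  "object-src", "frame-src", "child-src", "worker-src", "manifest-src",
]);

// "img-src *; script-src 'self'" -> { "img-src": ["*"], "script-src": ["'self'"] }
function parsePolicy(header) {
  const policy = {};
  for (const raw of header.split(";")) {
    const [name, ...sources] = raw.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!(key in policy)) policy[key] = sources; // browsers keep the first occurrence
  }
  return policy;
}

function defaultPort(protocol) {
  return { "http:": "80", "ws:": "80", "https:": "443", "wss:": "443" }[protocol] || "";
}

// "*.example.com" matches any subdomain but not example.com itself.
function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1);
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return pattern === host;
}

// Does one source expression permit `url` on a page served from `page`?
function sourceMatches(source, url, page) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === page.origin;
  if (s === "*") {
    // Any network scheme or the page's own scheme; never data:, blob: or filesystem:.
    return NETWORK_SCHEMES.has(url.protocol) || url.protocol === page.protocol;
  }
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeMatches(s, url.protocol); // e.g. "https:"
  // Host source: optional scheme, host (optionally *.), optional port, ignored path.
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.[^:/]+|[^:/*]+)(?::(\d+|\*))?(\/.*)?$/);
  if (!m) return false;
  const [, scheme, hostPattern, port] = m;
  // A scheme-less host source inherits the page's scheme (with the upgrades above).
  if (!schemeMatches(scheme ? `${scheme}:` : page.protocol, url.protocol)) return false;
  if (!hostMatches(hostPattern, url.hostname)) return false;
  if (port === undefined) return url.port === ""; // no port given: default port only
  return port === "*" || port === (url.port || defaultPort(url.protocol));
}

// Is `resourceUrl` allowed for `directive`? With no applicable directive
// (and no default-src) CSP imposes no restriction on that load.
function isAllowed(policy, directive, resourceUrl, pageUrl) {
  let sources = policy[directive];
  if (sources === undefined && FALLS_BACK_TO_DEFAULT.has(directive)) sources = policy["default-src"];
  if (sources === undefined) return true;
  const url = new URL(resourceUrl);
  const page = new URL(pageUrl);
  return sources.some((src) => sourceMatches(src, url, page));
}

// Constructed demo: the slide's policy, evaluated for a page on the speaker's domain.
const PAGE = "https://christoph-rumpel.com/";
const SLIDE_POLICY = parsePolicy("img-src *; script-src 'self';");
function demo() {
  return [
    ["script-src", "https://christoph-rumpel.com/app.js"],
    ["script-src", "https://cdn.example.com/lib.js"],
    ["img-src", "https://cdn.example.com/logo.png"],
    ["img-src", "data:image/png;base64,iVBORw0KGgo="],
    ["style-src", "https://cdn.example.com/site.css"], // no style-src, no default-src: allowed
  ].map(([directive, u]) => `${directive} ${u} -> ${isAllowed(SLIDE_POLICY, directive, u, PAGE)}`);
}
console.log(demo().join("\n"));
```

The last demo line is the practical lesson: the slide's policy locks down scripts and images but says nothing about styles, fonts or XHR, so those stay unrestricted. Starting a policy with default-src 'none' and then allowing each directive explicitly avoids that gap.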
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION: Apache
SERVER CONFIGURATION: Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot of its policies screen)
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES
Laravel Response Caching and CSP
CSP, Hash-Algorithm, and Turbolinks
Quick CSP Reference Guide
MDN web docs: Content Security Policy
CSP Level 2 (W3C Recommendation)
CSP Level 3 (Working Draft)
THANKS
QUESTIONS?
THANKS AGAIN