CSP

Ben Toews
January 10, 2013

Content Security Policy


Transcript

  1. csp

  2. X-Content-Security-Policy: default-src *; script-src https://github.com https://a248.e.akamai.net https://jobs.github.com https://ssl.google-analytics.com https://secure.gaug.es https://gist.github.com; style-src https://github.com https://a248.e.akamai.net https://jobs.github.com https://ssl.google-analytics.com https://secure.gaug.es https://gist.github.com 'unsafe-inline'; report-uri /errors

    Content-Security-Policy: default-src *; script-src https://github.com https://a248.e.akamai.ne
  3. { "csp-report": { "document-uri": "https://github.com/", "referrer": "", "blocked-uri": "self", "violated-directive": "eval script base restriction", "source-file": "chrome://firebug/content/co...", "script-sample": "call to eval() or related...", "line-number": 166 } }