Content Security Policy (CSP) is a security concept aiming to prevent XSS and other forms of browser-based attacks right where they happen: in the browser. CSP has been around for a little while but it’s only now that browser vendors are closing in on implementing most of the W3C specification.
This talk will take a look at what CSP is, why it matters and how to use it with Ruby-based web applications.
References: https://gist.github.com/polarblau/9efa552df23b3cd8f967