Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy in your Rails apps in 30s

Jean-Baptiste Aviat
July 05, 2016
Programming
0
280

Content Security Policy in your Rails apps in 30s

Content Security Policy (CSP) is an HTTP header that instructs the browser to limit loading of external assets, such as scripts, styles or media to specific sources. It is intended to prevent wide categories of attacks, such as cross-site scripting (XSS), click-jacking and other code injection. This feature is powerful because it prevents many common attacks that target your users’ browsers.
We explain why Content Security Policy is complex to use and how Sqreen provides a powerful feature to easily add it to your applications.

Jean-Baptiste Aviat

July 05, 2016
Tweet

More Decks by Jean-Baptiste Aviat

See All by Jean-Baptiste Aviat
Writing a Python C extension in 2018
aviat
1
1.1k
App Security is just a Git flow (with built-in conflicts)
aviat
0
1.1k
Tune your App Perf (and get fit for summer)
aviat
2
510

Other Decks in Programming

See All in Programming
エンジニア未経験が最短で戦力になるためのTips
gokana
0
270
Make Parsers Compatible Using Automata Learning
makenowjust
1
4.4k
ComposeでWebアプリを作る技術
tbsten
0
110
「”誤った使い方をすることが困難”な設計」で良いコードの基礎を固めよう / phpcon-odawara-2025
taniguhey
0
130
SQL Server ベクトル検索
odashinsuke
0
170
国漢文混用体からHolloまで
minhee
1
180
List とは何か? / PHPerKaigi 2025
meihei3
0
850
Coding Experience Cpp vs Csharp - meetup app osaka@9
harukasao
0
740
Being an ethical software engineer
xgouchet
PRO
0
210
Lambda(Python)の リファクタリングが好きなんです
komakichi
3
180
スモールスタートで始めるためのLambda×モノリス(Lambdalith)
akihisaikeda
2
260
Qiita Bash
mercury_dev0517
1
190

Featured

See All Featured
Writing Fast Ruby
sferik
628
61k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Designing Experiences People Love
moore
141
24k
Building Adaptive Systems
keathley
41
2.5k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
4 Signs Your Business is Dying
shpigford
183
22k
Bash Introduction
62gerente
611
210k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
5
520
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.3k
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k

Transcript

  1. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    in your Rails apps in 30s

  2. © Sqreen sqreen.io Content Security Policy TL;DR

  3. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    is ready to be used today

  4. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    v2 is progressively supported

  5. © Sqreen sqreen.io Content Security Policy Failure? complex error prone

    can break anything between dev and prod

  6. © Sqreen sqreen.io <0.9% of websites using it Fail?

  7. © Sqreen sqreen.io Yet, Content Security Policy is an awesome

    protection... XSS click-jacking code injection Rogue extensions

  8. Confidential & proprietary © Sqreen, 2015 sqreen.io Sqreen helps you

    set up and maintain your Content Security Policy

  9. © Sqreen sqreen.io Sqreen updates your Content Security Policy in

    1-click

  10. Confidential & proprietary © Sqreen, 2015 sqreen.io Let's protect your

    Rails apps