Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy in your Rails apps in 30s

Jean-Baptiste Aviat
July 05, 2016
Programming
0
250

Content Security Policy in your Rails apps in 30s

Content Security Policy (CSP) is an HTTP header that instructs the browser to limit loading of external assets, such as scripts, styles or media to specific sources. It is intended to prevent wide categories of attacks, such as cross-site scripting (XSS), click-jacking and other code injection. This feature is powerful because it prevents many common attacks that target your users’ browsers.
We explain why Content Security Policy is complex to use and how Sqreen provides a powerful feature to easily add it to your applications.

Jean-Baptiste Aviat

July 05, 2016
Tweet

More Decks by Jean-Baptiste Aviat

See All by Jean-Baptiste Aviat
Writing a Python C extension in 2018
aviat
1
980
App Security is just a Git flow (with built-in conflicts)
aviat
0
1k
Tune your App Perf (and get fit for summer)
aviat
2
440

Other Decks in Programming

See All in Programming
PHP8.3の機能を振り返る / Review of PHP 8.3 features
seike460
PRO
1
110
Milestoner
bkuhlmann
1
410
1BRC--Nerd Sniping the Java Community
gunnarmorling
0
340
Hanami and htmx
bkuhlmann
0
210
検証も兼ねて個人開発でHonoとかと向き合った話
hanetsuki
0
830
Git Rebase
bkuhlmann
11
1.6k
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
7
920
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
360
Elm 0.19.0 Changes
bkuhlmann
0
490
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
670
サイコロで理解する統計的仮説検定の考え方
tatamiya
4
910
Site Reliability Engineering for GMO
pyama86
8
1k

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
GitHub's CSS Performance
jonrohan
1025
450k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
Why Our Code Smells
bkeepers
PRO
331
56k
Writing Fast Ruby
sferik
621
60k
In The Pink: A Labor of Love
frogandcode
138
21k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Designing the Hi-DPI Web
ddemaree
276
33k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
116
18k

Transcript

  1. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    in your Rails apps in 30s

  2. © Sqreen sqreen.io Content Security Policy TL;DR

  3. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    is ready to be used today

  4. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    v2 is progressively supported

  5. © Sqreen sqreen.io Content Security Policy Failure? complex error prone

    can break anything between dev and prod

  6. © Sqreen sqreen.io <0.9% of websites using it Fail?

  7. © Sqreen sqreen.io Yet, Content Security Policy is an awesome

    protection... XSS click-jacking code injection Rogue extensions

  8. Confidential & proprietary © Sqreen, 2015 sqreen.io Sqreen helps you

    set up and maintain your Content Security Policy

  9. © Sqreen sqreen.io Sqreen updates your Content Security Policy in

    1-click

  10. Confidential & proprietary © Sqreen, 2015 sqreen.io Let's protect your

    Rails apps