Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy 101 - Lightning Talk

Avatar for Christoph Rumpel Christoph Rumpel
April 24, 2018
Technology
1
110

Content Security Policy 101 - Lightning Talk

This is a 5min talk version of Content Security Policy 101 talk.

Avatar for Christoph Rumpel

Christoph Rumpel

April 24, 2018
Tweet

More Decks by Christoph Rumpel

See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
Avatar for Christoph Rumpel christophrumpel
0
78
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
Avatar for Christoph Rumpel christophrumpel
0
140
Why Refactoring Is The Best Tool To Write Better Code
Avatar for Christoph Rumpel christophrumpel
0
550
Debugging with PhpStorm & XDebug
Avatar for Christoph Rumpel christophrumpel
0
230
The final Laravel Service Container talk (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
760
NomadPHP - The Laravel Core - Demystify The Beast
Avatar for Christoph Rumpel christophrumpel
0
140
Laravel Factories Reloaded (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
300
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
Avatar for Christoph Rumpel christophrumpel
0
240
The Laravel Core - Demystify The Beast (New York)
Avatar for Christoph Rumpel christophrumpel
0
210

Other Decks in Technology

See All in Technology
2025/09/16 仕様駆動開発とAI-DLCが導くAI駆動開発の新フェーズ
Avatar for オカムラ masahiro_okamura
0
130
「Linux」という言葉が指すもの
Avatar for Satoru Takeuchi sat
PRO
4
140
LLMを搭載したプロダクトの品質保証の模索と学び
Avatar for SmartHR 品質保証部 qa
0
1.1k
ブロックテーマ時代における、テーマの CSS について考える Toro_Unit / 2025.09.13 @ Shinshu WordPress Meetup
Avatar for Toro_Unit (Hiroshi Urabe) torounit
0
130
2つのフロントエンドと状態管理
Avatar for MIXI ENGINEERS mixi_engineers
PRO
3
120
20250913_JAWS_sysad_kobe
Avatar for Takuya Yonezawa takuyay0ne
2
250
TS-S205_昨年対比2倍以上の機能追加を実現するデータ基盤プロジェクトでのAI活用について
Avatar for K.Mitsuhashi kaz3284
1
220
【NoMapsTECH 2025】AI Edge Computing Workshop
Avatar for ITO Akihiro akit37
0
230
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
Avatar for sh_fk2 sh_fk2
3
270
S3アクセス制御の設計ポイント
Avatar for tommy tommy0124
3
200
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/06 - 2025/08
Avatar for oracle4engineer oracle4engineer
PRO
0
110
人工衛星のファームウェアをRustで書く理由
Avatar for KOBA789 koba789
15
8.3k

Featured

See All Featured
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
580
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
53k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
70
11k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.8k
Docker and Python
Avatar for Tania Allard trallard
46
3.6k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.8k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
26
1.9k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.9k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
53
2.9k

Transcript

  1. Hello webclerks :)

  2. Content Security Policy 101

  3. Content Security Policy 101 Can Christoph do 40 slides in

    5 minutes?

  4. ABOUT ME

  5. CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel

    christoph-rumpel.com

  6. SECURITY IS HARD

  7. SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing

    Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks

  8. Adobe Playstation Network Cloudflare FAMOUS LEAKS

  9. How can we protect our sites when even big companies

    can't?

  10. Step by step

  11. CONTENT SECURITY POLICY

  12. CSP lets you define trusted resources.

  13. Content-Security-Policy: policies

  14. Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE

  15. img-src *; script-src 'self'; DIRECTIVES

  16. img-src *; script-src 'self'; LOCATIONS

  17. img-src *; script-src 'self'; TRANSLATED Images are allowed to be

    loaded from any resource

  18. img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be

    loaded from the current site's origin only

  19. img-src script-src DIRECTIVES

  20. img-src script-src style-src font-src media-src form-action ...

  21. * 'self' LOCATIONS

  22. * 'self' domain.example.com *.example.com 'none' ...

  23. CSP christoph-rumpel.com

  24. BROWSER SUPPORT

  25. BROWSER SUPPORT

  26. INTEGRATIONS

  27. SERVER CONFIGURATION Apache

  28. SERVER CONFIGURATION Nginx

  29. LARAVEL MIDDLEWARE

  30. WP Content Security Policy Plugin - Screenshot Policies PLUGINS

  31. MUCH MORE

  32. HASHES AND NONCES

  33. REPORTING

  34. Content Security Policy 101 Laravel Response Caching And CSP CSP,

    Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES

  35. THANKS

  36. QUESTIONS?

  37. THANKS AGAIN