Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Christoph Rumpel
April 24, 2018
Technology
120
1
Share
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
120
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
190
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
590
Debugging with PhpStorm & XDebug
christophrumpel
0
290
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
810
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
180
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
330
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
270
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
240
Other Decks in Technology
See All in Technology
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
100k
なぜ、私がCommunity Builderに?〜活動期間1か月半でも選出されたワケ〜
yama3133
0
130
PdM・Eng・QAで進めるAI駆動開発の現在地/aidd-with-pdm-eng-qa
shota_kusaba
0
240
写真で見るAWS Summit Singapore 2026
k_adachi_01
0
110
20260515 ⾃分のアカウントとプライバシーを守る認証と認可の話〜利⽤者向け〜
oidfj
0
580
Swift Sequence の便利 API 再発見
treastrain
1
280
AI対話分析の夢と、汚いデータの現実 Looker / Dataplex / Dataform で実現する品質ファーストな基盤設計
waiwai2111
0
520
Redmine次期バージョン7.0の注目新機能解説 — UI/UX強化と連携強化を中心に
vividtone
1
120
「強制アップデート」か「チームの自律」か?エンタープライズが辿り着いたプラットフォームのハイブリッド運用/cloudnative-kaigi-hybrid-platform-operations
mhrtech
0
200
AI-Assisted Contributions and Maintainer Load - PyCon US 2026
pauloxnet
1
140
Gaussian Splattingの実用化 - 映像制作への展開
gpuunite_official
0
190
AIを賢くしたいなら、まずは人間の改善ループから
subroh0508
0
120
Featured
See All Featured
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.8k
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.2k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
150
How to Think Like a Performance Engineer
csswizardry
28
2.6k
4 Signs Your Business is Dying
shpigford
187
22k
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
reverentgeek
1
440
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.2k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
VelocityConf: Rendering Performance Case Studies
addyosmani
333
25k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
Fireside Chat
paigeccino
42
3.9k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
370
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN
christophrumpel
oracle4engineer
yama3133
.jpg){kind=avatar}
shota_kusaba
k_adachi_01
.png){kind=avatar}
oidfj
treastrain
waiwai2111
vividtone
mhrtech
pauloxnet
gpuunite_official
subroh0508
jnunemaker
charlesmeaden
kimpetersen
csswizardry
shpigford
reverentgeek
ipullrank
keithpitt
addyosmani
eileencodes
paigeccino
inesmontani
