Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
120
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
99
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
170
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
570
Debugging with PhpStorm & XDebug
christophrumpel
0
260
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
790
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
160
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
310
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
260
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
230
Other Decks in Technology
See All in Technology
FinTech SREのAWSサービス活用/Leveraging AWS Services in FinTech SRE
maaaato
0
130
SREチームをどう作り、どう育てるか ― Findy横断SREのマネジメント
rvirus0817
0
320
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
mikimatsumoto
0
260
データの整合性を保ちたいだけなんだ
shoheimitani
8
3.2k
モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう
minorun365
4
220
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
3
210
AzureでのIaC - Bicep? Terraform? それ早く言ってよ会議
torumakabe
1
590
コミュニティが変えるキャリアの地平線:コロナ禍新卒入社のエンジニアがAWSコミュニティで見つけた成長の羅針盤
kentosuzuki
0
130
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
shift_evolve
PRO
1
360
OCI Database Management サービス詳細
oracle4engineer
PRO
1
7.4k
~Everything as Codeを諦めない~ 後からCDK
mu7889yoon
3
450
AIエージェントに必要なのはデータではなく文脈だった/ai-agent-context-graph-mybest
jonnojun
0
180
Featured
See All Featured
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
110
Git: the NoSQL Database
bkeepers
PRO
432
66k
Paper Plane (Part 1)
katiecoart
PRO
0
4.3k
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
180
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
200
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Facilitating Awesome Meetings
lara
57
6.8k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
0
1.1k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
0
150
Why Our Code Smells
bkeepers
PRO
340
58k
The World Runs on Bad Software
bkeepers
PRO
72
12k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.2k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN
christophrumpel
maaaato
rvirus0817
mikimatsumoto
shoheimitani
minorun365
miu_crescent
torumakabe
kentosuzuki
shift_evolve
oracle4engineer
mu7889yoon
jonnojun
techseoconnect
bkeepers
katiecoart
davetheseo
tamaranovitovic
iamctodd
lara
aleyda
minecr
signer
