Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
Technology
This is a 5-minute version of the Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Can Christoph do 40 slides in 5 minutes?
ABOUT ME
Christoph Rumpel, web developer: PHP / Laravel, chatbots, talks
@christophrumpel, christoph-rumpel.com
SECURITY IS HARD
Slide word cloud: SSL, input handling, updates, packages, extensions, CSRF, nonces, weak typing, error handling, storing credentials, server access, SQL prepared statements, passwords, brute force attacks
FAMOUS LEAKS: Adobe, PlayStation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you tell the browser which sources it may load resources from; anything else is blocked.
Content-Security-Policy: <policies>
EXAMPLE
Content-Security-Policy: img-src *; script-src 'self';
DIRECTIVES: img-src, script-src
LOCATIONS (source expressions): *, 'self'
TRANSLATED: images may be loaded from any source; scripts may be loaded from the current site's origin only
DIRECTIVES
img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS
*, 'self', domain.example.com, *.example.com, 'none', ...
A resource type whose directive is not listed falls back to default-src; if default-src is not set either, that type is unrestricted, which is why most real policies start with a default-src.
CSP on christoph-rumpel.com
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION: Apache, Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot of its policies page)
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES
Content Security Policy 101 (full talk)
Laravel Response Caching And CSP
CSP, Hash-Algorithm, and Turbolinks
Quick CSP Reference Guide
MDN web docs: CSP
CSP Level 2, W3C Recommendation
CSP Level 3, Working Draft
THANKS
QUESTIONS?
THANKS AGAIN