Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
110
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
66
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
130
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
540
Debugging with PhpStorm & XDebug
christophrumpel
0
220
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
760
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
130
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
290
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
240
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
200
Other Decks in Technology
See All in Technology
Yahoo!しごとカタログ 新しい境地を創るエンジニア募集!
lycorptech_jp
PRO
0
130
60以上のプロダクトを持つ組織における開発者体験向上への取り組み - チームAPIとBackstageで構築する組織の可視化基盤 - / sre next 2025 Efforts to Improve Developer Experience in an Organization with Over 60 Products
vtryo
0
170
ビズリーチが挑む メトリクスを活用した技術的負債の解消 / dev-productivity-con2025
visional_engineering_and_design
3
7.8k
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
960
生まれ変わった AWS Security Hub (Preview) を紹介 #reInforce_osaka / reInforce New Security Hub
masahirokawahara
0
480
AWS認定を取る中で感じたこと
siromi
1
190
さくらのIaaS基盤のモニタリングとOpenTelemetry/OSC Hokkaido 2025
fujiwara3
3
450
Lakebaseを使ったAIエージェントを実装してみる
kameitomohiro
0
140
敢えて生成AIを使わないマネジメント業務
kzkmaeda
2
450
United Airlines Customer Service– Call 1-833-341-3142 Now!
airhelp
0
170
AI時代の開発生産性を加速させるアーキテクチャ設計
plaidtech
PRO
3
160
AI エージェントと考え直すデータ基盤
na0
7
2.1k
Featured
See All Featured
Making the Leap to Tech Lead
cromwellryan
134
9.4k
Thoughts on Productivity
jonyablonski
69
4.7k
Facilitating Awesome Meetings
lara
54
6.4k
Producing Creativity
orderedlist
PRO
346
40k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
[RailsConf 2023] Rails as a piece of cake
palkan
55
5.7k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Unsuck your backbone
ammeep
671
58k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
740
Making Projects Easy
brettharned
116
6.3k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN