Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Can Christoph do 40 slides in 5 minutes?
ABOUT ME
CHRISTOPH RUMPEL: Web Developer, PHP / Laravel, Chatbots, Talks, @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL, Input Handling, Updates, Packages, Extension, CSRF, Nonces, Weak Typing
Error Handling, Storing Credentials, Server Access, SQL Prepared Statements, Passwords, Brute Force Attacks
FAMOUS LEAKS: Adobe, Playstation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
EXAMPLE: Content-Security-Policy: img-src *; script-src 'self';
POLICIES: img-src *; script-src 'self';
DIRECTIVES: img-src, script-src (the first word of each policy)
LOCATIONS: *, 'self' (what follows the directive)
TRANSLATED: img-src * - images are allowed to be loaded from any resource
TRANSLATED: script-src 'self' - scripts are allowed to be loaded from the current site's origin only
DIRECTIVES: img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS: *, 'self', domain.example.com, *.example.com, 'none', ...
CSP christoph-rumpel.com
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot of the policies screen)
MUCH MORE
HASHES AND NONCES
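The directive/location slides above and the hashes-and-nonces slide describe how a browser reads a policy. The following evaluator is an added example, not code from the talk or from Christoph Rumpel: it parses a header value into directives and source lists, decides whether a given URL is covered by `*`, `'self'`, `'none'`, a host or a `*.example.com` wildcard, and computes the `'sha256-...'` source expression that permits one specific inline script. It is a simplified model of the specification (no path matching in host sources, no http-to-https upgrade rule for `'self'`); the policy string, the page origin and all URLs are constructed for the demo.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlsplit

# The header from the slides, with a style-src 'none' entry added for the demo (constructed).
DEMO_POLICY = "img-src *; script-src 'self'; style-src 'none'"

# Directives that do not fall back to default-src (per CSP Level 3).
NO_FALLBACK = {"form-action", "frame-ancestors", "base-uri", "report-uri", "sandbox"}
DEFAULT_PORT = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def parse_csp(header):
    """Split a header value into {directive: [source expressions]}.

    Directives are ';'-separated, sources whitespace-separated. A repeated
    directive name is ignored: the first occurrence wins, as the spec requires.
    """
    policy = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _effective_sources(policy, directive):
    """Source list governing a directive, or None when nothing restricts it."""
    if directive in policy:
        return policy[directive]
    if directive in NO_FALLBACK:
        return None
    return policy.get("default-src")


def _port(parts):
    return parts.port or DEFAULT_PORT.get(parts.scheme)


def _host_source_matches(source, target, origin):
    """Does one location (*, 'self', 'none', host, *.host, scheme://host:port) cover target?"""
    src = source.lower()
    if src == "'none'":
        return False
    if src == "*":
        # '*' covers network schemes only; data:, blob: etc. must be listed explicitly.
        return target.scheme in ("http", "https", "ws", "wss")
    if src == "'self'":
        return (target.scheme, target.hostname, _port(target)) == (
            origin.scheme, origin.hostname, _port(origin))
    if src.startswith("'"):
        return False  # nonces, hashes and other keywords never match a fetched URL
    scheme, _, rest = src.rpartition("://")
    host, _, port = rest.partition(":")
    if scheme and scheme != target.scheme:
        return False
    if port and port != str(_port(target)):
        return False
    if host.startswith("*."):
        return (target.hostname or "").endswith(host[1:])  # '*.example.com' -> '.example.com'
    return target.hostname == host


def allows(policy, directive, url, page_origin):
    """Would a fetch of url under this directive be permitted on a page served from page_origin?"""
    sources = _effective_sources(policy, directive)
    if sources is None:
        return True  # nothing in the policy restricts this resource type
    target, origin = urlsplit(url), urlsplit(page_origin)
    return any(_host_source_matches(s, target, origin) for s in sources)


def script_hash_source(inline_body, algo="sha256"):
    """The 'sha256-...' source expression that permits exactly this inline script/style body."""
    digest = hashlib.new(algo, inline_body.encode("utf-8")).digest()
    return "'%s-%s'" % (algo, base64.b64encode(digest).decode("ascii"))


def new_nonce_source():
    """A fresh per-response nonce; the same value goes into the tag's nonce="..." attribute."""
    return "'nonce-%s'" % secrets.token_urlsafe(16)


def allows_inline(policy, directive, inline_body=None, nonce=None):
    """Inline code is allowed by 'unsafe-inline', a matching nonce, or a matching hash.

    When any nonce or hash is present, 'unsafe-inline' is ignored by the browser.
    """
    sources = _effective_sources(policy, directive)
    if sources is None:
        return True
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in sources)
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        return True
    if nonce is not None and "'nonce-%s'" % nonce in sources:
        return True
    if inline_body is not None:
        return any(script_hash_source(inline_body, a) in sources
                   for a in ("sha256", "sha384", "sha512"))
    return False


if __name__ == "__main__":
    policy = parse_csp(DEMO_POLICY)
    origin = "https://www.example.com"  # constructed page origin
    for directive, url in [("img-src", "https://cdn.anywhere.example/logo.png"),
                           ("script-src", origin + "/app.js"),
                           ("script-src", "https://evil.example.net/x.js"),
                           ("style-src", origin + "/site.css")]:
        verdict = "allowed" if allows(policy, directive, url, origin) else "blocked"
        print("%-10s %-42s %s" % (directive, url, verdict))
    print("hash source for an inline script:", script_hash_source("console.log('hi')"))
```

The hash helper is the practical half of the hashes-and-nonces slide: compute the digest of the exact inline body (whitespace included), put the resulting `'sha256-...'` expression into `script-src`, and that one script runs while every other inline script is blocked. A nonce does the same job per response, and because any nonce or hash in the list switches `'unsafe-inline'` off, the two can be combined without weakening the policy in browsers that understand them.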
REPORTING
RESOURCES: Content Security Policy 101; Laravel Response Caching And CSP; CSP, Hash-Algorithm, and Turbolinks; Quick CSP Reference Guide; MDN web docs; CSP Level 2 W3C Recommendation; CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN