How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks."
MDN WEB DOCS
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: policy
HTTP Header name
Content-Security-Policy: policy
HTTP Header value
Content-Security-Policy: img-src *; script-src 'self';
Policies
EXAMPLE
img-src *; script-src 'self';
DIRECTIVES
img-src *; script-src 'self';
SOURCES
img-src *; script-src 'self';
TRANSLATED
Images are allowed to be loaded from any resource
img-src *; script-src 'self';
TRANSLATED
Scripts are allowed to be loaded from the current site's origin only
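The slides above take the header apart into its name, its value, its directives and their sources, and then read the example policy `img-src *; script-src 'self';` in plain English. The following is an added example, not code from the slides: it parses a policy value into directives and sources, then applies the two source forms the slides describe ('*' meaning any origin, 'self' meaning the page's own origin) to decide whether a given load would be allowed. The fallback to `default-src` and the treatment of plain host sources are assumptions drawn from how CSP works in general; the full CSP source grammar (scheme sources, wildcard hosts, nonces, hashes) is deliberately not modelled.

```javascript
// Added example: parse a Content-Security-Policy value and evaluate it.
// Assumes an origin-based reading of 'self'; real browsers add a few scheme
// and port nuances that are outside the scope of the slides.

// Constructed sample: the exact policy value shown on the slides.
const SAMPLE_POLICY = "img-src *; script-src 'self';";

// Split "directive src src; directive src" into a Map of directive -> sources.
// A trailing ';' leaves an empty part, which is skipped.
function parsePolicy(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Serialise a directive Map back into a header value, so a policy can be
// built from data and emitted as "Content-Security-Policy: <value>".
function formatPolicy(directives) {
  return [...directives.entries()]
    .map(([name, sources]) => [name, ...sources].join(" "))
    .join("; ");
}

// Does one source expression permit loading resourceUrl from a page at pageOrigin?
//   '*'      any origin (the slides: "loaded from any resource")
//   'self'   same origin as the page ("the current site's origin only")
//   'none'   nothing
//   otherwise a host source such as https://cdn.example.com (assumed form)
function sourceMatches(source, resourceUrl, pageOrigin) {
  if (source === "*") return true;
  if (source === "'self'") return new URL(resourceUrl).origin === pageOrigin;
  if (source === "'none'") return false;
  try {
    return new URL(source).origin === new URL(resourceUrl).origin;
  } catch {
    return false; // schemeless hosts and other forms are not modelled here
  }
}

// Is a load of resourceUrl governed by `directive` (e.g. "script-src") allowed?
// A missing directive falls back to default-src; with neither present the
// policy says nothing about that resource type, so the load is allowed.
// A directive with no sources at all allows nothing.
function isAllowed(directives, directive, resourceUrl, pageOrigin) {
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (sources === undefined) return true;
  return sources.some((s) => sourceMatches(s, resourceUrl, pageOrigin));
}

// Walk the slide example for a page at https://mysite.example (constructed).
function demo() {
  const policy = parsePolicy(SAMPLE_POLICY);
  const page = "https://mysite.example";
  return {
    header: `Content-Security-Policy: ${formatPolicy(policy)}`,
    anyImage: isAllowed(policy, "img-src", "https://cdn.elsewhere.example/a.png", page),
    ownScript: isAllowed(policy, "script-src", "https://mysite.example/app.js", page),
    foreignScript: isAllowed(policy, "script-src", "https://cdn.elsewhere.example/x.js", page),
  };
}

console.log(demo());
```

The `foreignScript` result is the point of `script-src 'self'`: a script tag injected through XSS that points at another origin is refused even though the injection itself succeeded, which is the "mitigate" half of the MDN description. Note that without a `default-src`, resource types the policy does not mention (styles, fonts, frames) remain unrestricted, so a real deployment normally starts from `default-src 'none'` or `'self'` and opens specific directives from there.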