Content Security Policy

What you should know

  • What HTTP headers are and their general purpose.
  • Some experience working in the server environment.
  • The various types of HTTP requests that exist (POST, GET …).
  • APIs.
  • The Document Object Model (DOM).
  • Express middleware (optional).

Why CSP?

Example:

The difference between CORS & CSP

Example:

Configuring CSP

  • object-src
  • default-src
  • script-src
  • style-src
  • connect-src
  • font-src

Implementing Directives

Meta Tag Method

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'unsafe-inline'">

Server Method

const express = require("express");
const helmet = require("helmet");

const app = express();

// Helmet sets the Content-Security-Policy header on every response.
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],                       // fallback for any fetch directive not listed below
      scriptSrc: ["'self'", "https://example.com"], // scripts only from this origin and example.com
      objectSrc: ["'none'"],                        // block <object>, <embed> and <applet> entirely
    },
  })
);
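The following is an added example, not code from the article or from the helmet project. It ties the "Configuring CSP" directive list to the "Server Method" above: it serializes a helmet-style directives object into the header value the browser actually receives, resolves which source list governs a given directive (the fetch directives such as script-src, style-src, connect-src, font-src and object-src fall back to default-src when they are not set explicitly), and sets the header from a plain Express-style middleware with no helmet dependency, so it runs stand-alone. The function names buildCspHeader, effectiveSources, cspMiddleware and runMiddleware, the reportOnly option and the sample policy are all assumptions of this example.

```javascript
// Added example (not from the original article or the helmet project).
// Assumed names: buildCspHeader, effectiveSources, cspMiddleware, runMiddleware.

// Map camelCase keys (the shape helmet accepts) to header directive names:
// "defaultSrc" -> "default-src".
function directiveName(key) {
  return key.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
}

// Serialize { defaultSrc: ["'self'"], ... } into the header value
// "default-src 'self'; script-src 'self' https://example.com".
function buildCspHeader(directives) {
  return Object.entries(directives)
    .map(([key, sources]) => `${directiveName(key)} ${sources.join(" ")}`)
    .join("; ");
}

// Fetch directives fall back to default-src when not set explicitly.
// Directives outside this set (e.g. frame-ancestors) never inherit from it.
const FETCH_DIRECTIVES = new Set([
  "script-src", "style-src", "connect-src", "font-src", "object-src",
  "img-src", "media-src", "frame-src", "child-src", "worker-src", "manifest-src",
]);

// Return the source list that governs `name`, or null if nothing restricts it.
function effectiveSources(directives, name) {
  const explicit = Object.entries(directives).find(([k]) => directiveName(k) === name);
  if (explicit) return explicit[1];
  if (FETCH_DIRECTIVES.has(name) && directives.defaultSrc) return directives.defaultSrc;
  return null; // no directive applies: the browser places no restriction here
}

// Express-style middleware (req, res, next). With reportOnly the header becomes
// Content-Security-Policy-Report-Only, which reports violations but blocks nothing,
// a common way to trial a policy before enforcing it.
function cspMiddleware(directives, { reportOnly = false } = {}) {
  const header = reportOnly
    ? "Content-Security-Policy-Report-Only"
    : "Content-Security-Policy";
  const value = buildCspHeader(directives);
  return function (req, res, next) {
    res.setHeader(header, value);
    next();
  };
}

// Constructed sample policy, the same shape as the article's helmet snippet.
const samplePolicy = {
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'", "https://example.com"],
  objectSrc: ["'none'"],
};

// Minimal stand-in for an Express request/response so the middleware can be
// exercised without starting a server. Returns the headers it set.
function runMiddleware(mw) {
  const headers = {};
  const res = { setHeader: (k, v) => { headers[k] = v; } };
  let nextCalled = false;
  mw({}, res, () => { nextCalled = true; });
  return { headers, nextCalled };
}

// Stand-alone demonstration.
console.log(buildCspHeader(samplePolicy));
console.log("style-src is governed by:", effectiveSources(samplePolicy, "style-src"));
console.log(runMiddleware(cspMiddleware(samplePolicy, { reportOnly: true })).headers);
```

Two points worth checking against your own policy with this code: a directive you forget to list is not "open", it inherits default-src, so a strict default-src keeps the omitted ones strict, while a directive that is neither listed nor a fetch directive (frame-ancestors, for example) is simply unrestricted. The meta tag method above cannot express every directive (frame-ancestors, report-uri and sandbox are ignored in a meta tag), and 'unsafe-inline' in script-src permits any inline script, which removes most of the protection CSP is meant to give; the header route with a nonce or hash is preferable where you control the server.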

Conclusion

Hey! I'm a self-taught web development student working towards becoming a full stack developer. I've started writing on Medium to share what I've learned.
Devin Davis