Content Security Policy

What you should know

  • What HTTP headers are and their general purpose.
  • Some experience working in the server environment.
  • The various types of HTTP requests that exist (POST, GET …).
  • APIs.
  • The Document Object Model (DOM).
  • Express middleware (optional).

Why CSP?

Example:

The difference between CORS & CSP

Example:

Configuring CSP

  • object-src
  • default-src
  • script-src
  • style-src
  • connect-src
  • font-src

Implementing Directives

Meta Tag Method

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'unsafe-inline'">

Server Method

const express = require("express");
const helmet = require("helmet");
const app = express();

// Send the Content-Security-Policy header on every response.
app.use(
  helmet.contentSecurityPolicy({
    directives: {
      defaultSrc: ["'self'"],                       // fallback for any directive not listed
      scriptSrc: ["'self'", "https://example.com"], // scripts only from our origin or example.com
      objectSrc: ["'none'"],                        // no plugins (<object>, <embed>)
    },
  })
);
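As an added example (not code from the original post), the plain Node.js script below builds the header value that the directives object above would produce and audits a policy for the weak settings this article mentions ('unsafe-inline' in script-src, a missing object-src). It uses no dependencies, so it runs without helmet or Express; the function names, sample policies and checks are assumptions of this example, not helmet's API.

```javascript
// Convert helmet-style camelCase names to the header form: defaultSrc -> default-src.
function toKebab(name) {
  return name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
}

// Serialize a directives object into a header (or <meta> content) value:
// "default-src 'self'; script-src 'self' https://example.com; object-src 'none'"
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, values]) => [toKebab(name), ...values].join(" "))
    .join("; ");
}

// Parse a policy string back into { "script-src": [...], ... }.
function parseCsp(policy) {
  const result = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    result[name.toLowerCase()] = values;
  }
  return result;
}

// Return a list of findings; an empty list means none of the checks fired.
function auditCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // script-src falls back to default-src when absent, so check the effective value.
  const scriptSrc = d["script-src"] || d["default-src"];
  if (!scriptSrc) findings.push("no script-src or default-src: scripts may load from anywhere");
  else if (scriptSrc.includes("'unsafe-inline'")) findings.push("script-src allows 'unsafe-inline'");
  if (scriptSrc && scriptSrc.includes("*")) findings.push("script-src allows any origin (*)");
  // object-src also falls back to default-src; only flag it when neither is present.
  if (!d["object-src"] && !d["default-src"]) findings.push("no object-src: plugins unrestricted");
  return findings;
}

// Constructed sample inputs: the server-method directives and the meta-tag policy above.
const serverPolicy = buildCsp({
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'", "https://example.com"],
  objectSrc: ["'none'"],
});
const metaPolicy = "default-src 'self'; script-src 'unsafe-inline'";

console.log(serverPolicy, auditCsp(serverPolicy)); // [] : no findings
console.log(metaPolicy, auditCsp(metaPolicy));     // one finding: 'unsafe-inline'
```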

Conclusion

Hey! I'm a self-taught web development student working towards becoming a full stack developer. I've started writing on Medium to share what I've learned.

Devin Davis