nqthqn
15 properties of living structures
About
An Ode to Paper
Authorization
Basics with Blender
Beguiling Bigrams
Builder Pattern
Content Security Policy
Convergent & Divergent Thinking
Cross-Site Request Forgery Prevention
Custom Elements or Web Components
Design Philosophy
Early Exposure
Flummoxing Feedback
Fonts with Obsidian Publish
HMAC
I use Helix
journey to image hooks
Kleene star notation
Knowledge Garden Planning
learn together
Marvel at the multiplex
Morphosyntax
other people say
Phantom Type
Pruning your Knowledge Garden
Résumé
Rotoscoping
SaaS Products
SHA-1
Simpler Obsidian
Trailhead
unknown unknowns
Web Security
Wordy
XSS
nqthqn

Content Security Policy

Notes from OWASP on CSP

  • An extra header can be set on a server response that includes security directives for the browser
  • It can defend against XSS attacks by whitelisting certain script and other asset sources (no more evil.com/bad.js getting injected and stealing tokens from local storage)
Links to this page
Web Security
Content Security Policy
Interactive graph
Powered by Obsidian Publish