This page reproduces the content of https://speakerdeck.com/polarblau/a-primer-on-content-security-policy.
Content Security Policy (CSP) is a security concept that aims to prevent XSS and other forms of browser-based attacks right where they happen: in the browser. CSP has been around for a little while, but it's only now that browser vendors are closing in on implementing most of the W3C specification.
This talk will take a look at what CSP is, why it matters, and how to use it with Ruby-based web applications.