Hacker News
- Content Security Policy https://github.com/blog/1477-content-security-policy 12 comments
- An Introduction to Content Security Policy http://www.html5rocks.com/en/tutorials/security/content-security-policy/ 2 comments
- Content Security Policy: A Primer http://mikewest.org/2011/10/content-security-policy-a-primer 4 comments
- Htmx does not play well with content security policy https://www.sjoerdlangkemper.nl/2024/06/26/htmx-content-security-policy/ 60 comments
- GitHub's Content Security Policy journey http://githubengineering.com/githubs-csp-journey/ 23 comments
- Practical prevention of web shenanigans with Content Security Policy https://certsimple.com/blog/csp-shenanigans 2 comments
- Show HN: Data-Driven Content Security Policy Builder, Firefox Addon https://addons.mozilla.org/en-US/firefox/addon/csper-builder/ 2 comments
- Enforcer: Content-Security-Policy Tester/Analyzer https://chrome.google.com/webstore/detail/caspr-enforcer/fekcdjkhlbjngkimekikebfegbijjafd 4 comments netsec
- Bug: Safari’s default <audio>/<video> controls blocked when applying a Content-Security-Policy https://www.ctrl.blog/entry/safari-csp-media-controls 2 comments webdev
- Just wondering, how many of you here use Content-Security-Policy or Public-Key-Pins headers on your website? https://www.reddit.com/r/webdev/comments/6of2yr/just_wondering_how_many_of_you_here_use/ 7 comments webdev
- Content Security Policies are absolute swiss cheese https://www.lunasec.io/docs/blog/csp/ 2 comments programming
- My Shopify Site is "Blocked by Content Security Policy" https://www.reddit.com/r/shopify/comments/c2waud/my_shopify_site_is_blocked_by_content_security/ 5 comments shopify
- How Do I set up Content Security Policies? https://stackoverflow.com/questions/27464168/how-to-include-scripts-located-inside-the-node-modules-folder 3 comments node
- Content Security Policy for Dummies https://r0075h3ll.github.io/CSP-for-Dummies/ 2 comments netsec
- how important is content security policy? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection 11 comments flask
- Fix Content Security Policy violations? http://localhost:3000/mini-profiler-resources/includes.js?v=35a79b300ab5afa978cb59af0b05e059 5 comments rails
- Having an issue with Content Security Policy https://github.com/AvianOverlord/React-Quiz-2.0/tree/public 13 comments heroku
- Content Security Policy - protect your website from XSS attacks https://itsopensource.com/content-security-policy/ 3 comments javascript
- Content Security Policy (CSP) Bypasses http://ghostlulz.com/content-security-policy-csp-bypasses/ 3 comments netsec
- Your website needs a Content Security Policy. Here's why https://lukasvileikis.com/your-website-needs-a-csp-heres-why/ 8 comments netsec
- Content Security Policy Report Aggregator https://caspr.io 3 comments netsec
- Curious case of Content Security Policy (CSP) https://www.vinaybhinde.in/2020/08/a-curious-case-of-content-security-policy-csp/ 14 comments javascript
- cspparse: A tool to evaluate Content Security Policies. https://github.com/c0rb3n/cspparse 4 comments netsec
- Content Security Policy coming to Rails 5.2, how to introduce it? https://bauland42.com/ruby-on-rails-content-security-policy-csp/ 4 comments rails
- Reshaping web defenses with strict Content Security Policy https://security.googleblog.com/2016/09/reshaping-web-defenses-with-strict.html 3 comments netsec
- Genius's "annotate anywhere" feature has been stripping content security policy http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability 5 comments netsec
- Implementing Content Security Policy at Dropbox https://blogs.dropbox.com/tech/tag/content-security-policy/ 3 comments netsec
- XSS is the #1 security problem on the web... Content Security Policy is the fix http://www.youtube.com/watch?v=pocsv39pNXA 5 comments netsec
- Mozilla's Content Security Policy - Finally a useful tool against XSS http://bottiger.org/wrote/21-mozillas-content-security-policy 9 comments netsec
- Newspipe - configure your Content Security Policy per instance. https://github.com/cedricbonhomme/newspipe/releases/tag/v9.3.0 6 comments selfhosted
- When desperate, can I change Firefox's handling of Content Security Policy, for a single tab? https://www.reddit.com/r/firefox/comments/fer3vu/when_desperate_can_i_change_firefoxs_handling_of/ 7 comments firefox
- Stop XSS in its tracks forever with the Content Security Policy HTTP Header http://www.html5rocks.com/en/tutorials/security/content-security-policy/ 5 comments webdev
- Help implementing a nonce based Content Security Policy in React https://csp.withgoogle.com/docs/adopting-csp.html 3 comments reactjs
- How a Content Security Policy (CSP) Could Have Protected Newegg https://blog.sentry.io/2018/09/20/content-security-policy-newegg-breach 17 comments programming
- Mitigate cross-site scripting (XSS) with a strict Content Security Policy (CSP) https://web.dev/strict-csp/ 2 comments webdev
- Content Security Policy is going to make the web safer. Learn how it works and give it a test drive. http://cspplayground.com 3 comments programming
- Neatly bypassing Content Security Policy. Why 'unsafe-inline' is almost always a full-fledged XSS https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa 10 comments netsec
- CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy https://research.google.com/pubs/pub45542.html 3 comments netsec
- Microsoft's Edge web browser comes with a hidden whitelist file designed to allow Facebook to circumvent the built-in click-to-play security policy to autorun Flash content without having to ask for user consent. https://www.bleepingcomputer.com/news/security/microsoft-edge-secret-whitelist-allows-facebook-to-autorun-flash/ 39 comments privacy
- I created script-src-generator, a binary cli and Go package for generating script-src directives for a Content Security Policy (CSP) - what does everyone else use? https://github.com/JOT85/script-src-generator 2 comments golang