Hacker News
- Content Security Policy by API https://www.npmjs.com/package/csp-by-api 3 comments
- An Introduction to Content Security Policy http://www.html5rocks.com/en/tutorials/security/content-security-policy/ 2 comments
- Content Security Policy (CSP) for the web we have https://blog.mozilla.org/security/2014/10/04/csp-for-the-web-we-have/ 7 comments
- Content Security Policy: A Primer http://mikewest.org/2011/10/content-security-policy-a-primer 4 comments
- Reshaping web defenses with strict Content Security Policy https://security.googleblog.com/2016/09/reshaping-web-defenses-with-strict.html 24 comments
- On the Insecurity of Whitelists and the Future of Content Security Policy [pdf] https://static.googleusercontent.com/media/research.google.com/en/pubs/archive/45542.pdf 9 comments
- On the Insecurity of Whitelists and the Future of Content Security Policy https://research.google.com/pubs/pub45542.html 13 comments
- GitHub's Content Security Policy journey http://githubengineering.com/githubs-csp-journey/ 23 comments
- Fighting cryptojacking and doing good things with content security policies https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ 45 comments
- Show HN: Data-Driven Content Security Policy Builder, Firefox Addon https://addons.mozilla.org/en-US/firefox/addon/csper-builder/ 2 comments
Lobsters
- Implementing a Content Security Policy in Haskell https://jezenthomas.com/implementing-csp-in-yesod/ 4 comments haskell
- Enforcer: Content-Security-Policy Tester/Analyzer https://chrome.google.com/webstore/detail/caspr-enforcer/fekcdjkhlbjngkimekikebfegbijjafd 4 comments netsec
- Just wondering, how many of you here use Content-Security-Policy or Public-Key-Pins headers on your website? https://www.reddit.com/r/webdev/comments/6of2yr/just_wondering_how_many_of_you_here_use/ 7 comments webdev
- Content Security Policies are absolute Swiss cheese https://www.lunasec.io/docs/blog/csp/ 2 comments programming
- How Do I set up Content Security Policies? https://stackoverflow.com/questions/27464168/how-to-include-scripts-located-inside-the-node-modules-folder 3 comments node
- Content Security Policy for Dummies https://r0075h3ll.github.io/CSP-for-Dummies/ 2 comments netsec
- How important is content security policy? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection 11 comments flask
- Fix Content Security Policy violations? http://localhost:3000/mini-profiler-resources/includes.js?v=35a79b300ab5afa978cb59af0b05e059 5 comments rails
- Having an issue with Content Security Policy https://github.com/AvianOverlord/React-Quiz-2.0/tree/public 13 comments heroku
- Content Security Policy - protect your website from XSS attacks https://itsopensource.com/content-security-policy/ 3 comments javascript
- Content Security Policy (CSP) Bypasses http://ghostlulz.com/content-security-policy-csp-bypasses/ 3 comments netsec
- Your website needs a Content Security Policy. Here's why https://lukasvileikis.com/your-website-needs-a-csp-heres-why/ 8 comments netsec
- Content Security Policy Report Aggregator https://caspr.io 3 comments netsec
- Curious case of Content Security Policy (CSP) https://www.vinaybhinde.in/2020/08/a-curious-case-of-content-security-policy-csp/ 14 comments javascript
- cspparse: A tool to evaluate Content Security Policies. https://github.com/c0rb3n/cspparse 4 comments netsec
- Content Security Policy coming to Rails 5.2, how to introduce it? https://bauland42.com/ruby-on-rails-content-security-policy-csp/ 4 comments rails
- Reshaping web defenses with strict Content Security Policy https://security.googleblog.com/2016/09/reshaping-web-defenses-with-strict.html 3 comments netsec
- Genius's "annotate anywhere" feature has been stripping content security policy http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability 5 comments netsec
- Implementing Content Security Policy at Dropbox https://blogs.dropbox.com/tech/tag/content-security-policy/ 3 comments netsec
- Mozilla's Content Security Policy - Finally a useful tool against XSS http://bottiger.org/wrote/21-mozillas-content-security-policy 9 comments netsec
- Newspipe - configure your Content Security Policy per instance. https://github.com/cedricbonhomme/newspipe/releases/tag/v9.3.0 6 comments selfhosted
- When desperate, can I change Firefox's handling of Content Security Policy, for a single tab? https://www.reddit.com/r/firefox/comments/fer3vu/when_desperate_can_i_change_firefoxs_handling_of/ 7 comments firefox
- Stop XSS in its tracks forever with the Content Security Policy HTTP Header http://www.html5rocks.com/en/tutorials/security/content-security-policy/ 5 comments webdev
- Help implementing a nonce based Content Security Policy in React https://csp.withgoogle.com/docs/adopting-csp.html 3 comments reactjs
- How a Content Security Policy (CSP) Could Have Protected Newegg https://blog.sentry.io/2018/09/20/content-security-policy-newegg-breach 17 comments programming
- Mitigate cross-site scripting (XSS) with a strict Content Security Policy (CSP) https://web.dev/strict-csp/ 2 comments webdev
- Content Security Policy is going to make the web safer. Learn how it works and give it a test drive. http://cspplayground.com 3 comments programming
- Neatly bypassing Content Security Policy. Why 'unsafe-inline' is almost always a full-fledged XSS https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa 10 comments netsec
- CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy https://research.google.com/pubs/pub45542.html 3 comments netsec
- Microsoft's Edge web browser comes with a hidden whitelist file designed to allow Facebook to circumvent the built-in click-to-play security policy to autorun Flash content without having to ask for user consent. https://www.bleepingcomputer.com/news/security/microsoft-edge-secret-whitelist-allows-facebook-to-autorun-flash/ 39 comments privacy