Content Security Policy  |  Web Fundamentals  |  Google Developers
CSP doesn't want you to use inline scripts and other resources, but if there are performance or other reasons, then you can include a nonce in the inline script and in the HTTP CSP headers that must match.
:velo:toimplement  csp  http  web  security  nonce 
4 days ago by reedhedges
Neatly bypassing CSP – Wallarm
Content Security Policy or CSP is a built-in browser technology which helps protect from attacks such as cross-site scripting (XSS). It lists and describes paths and sources, from which the browser…
csp  web  cors  iframe  bypass  security 
7 days ago by xer0x
I’m harvesting credit card numbers and passwords from your site. Here’s how.
Describes a speculative attack that CSP should help defend against.

n.b. this article also describes a variation using prefetch that can sneak past CSP.
csp  security  prefetch 
7 days ago by wrumsby
Getting Started with the Cloud Solution Provider APIs – Paul Andrew
If you're a Cloud Solution Provider (CSP) partner, you have many options for transacting your customers' orders with Microsoft. In this post I'll walk through getting started with the CSP Application Programming Interfaces (APIs) and point you to some resources for learning more about them.
microsoft  CSP 
4 weeks ago by andyhuey
RT : While this little spotlight's still warm, I should also credit for teaching that is actually *not* v…
CSP  from twitter_favs
4 weeks ago by codepo8
