Edward

Published in Gusto Engineering · May 10, 2019

Nonce-based Content Security Policy (CSP) in Rails

Introduction

During my time at Gusto as a part of the Application Security team, I’ve been exploring ways to improve defense against Cross-Site Scripting (XSS) in modern web applications. At Gusto, we primarily use Ruby on Rails and React.js. Individually each framework comes with some XSS protections out of the box…

Security

6 min read
