Open in app

Sign in

Write

Sign in

Content Security Policy, an introduction

Thiago Tomasi
Alpaca Review
Published in
1 min readApr 16, 2015

Security has always been a very important issue when it is developing a system or application, and as front end developer you definitely have to worry about this.

Originally developed by the Mozilla Foundation in 2012 the Content Security Policy (CSP) that is a safety concept that helps to avoid the cross-site scripting (XSS) and related attacks providing an HTTP header standard that allows developers to declare the authorized sources from which files can be downloaded, this files can be: JavaScript, CSS, HTML, fonts, images, audio and video files.

This article written by Mike West gives an introduction about CSP with the basic examples, a huge help for those beginning to study Content Security Policy.

An Introduction to Content Security Policy - HTML5 Rocks

The web's security model is rooted in the same origin policy . Code from https://mybank.com should only have access to…

www.html5rocks.com

More references:

Content Security Policy Reference

Content Security Policy Reference Guide and Examples

content-security-policy.com

Content Security Policy (CSP)

In order to mitigate a large class of potential cross-site scripting issues, Chrome's extension system has incorporated…

developer.chrome.com

Introducing Content Security Policy

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks…

developer.mozilla.org

CSP (Content Security Policy)

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks…

developer.mozilla.org

Security
Front End Development
Development

--

--

Thiago Tomasi
Alpaca Review

Written by Thiago Tomasi

163 Followers
Editor for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams