Tag Archive

Bypassing CSP via ajax.googleapis.com – Dawid Czagan

Published on July 7, 2020 By sanna

Content Security Policy (CSP) is the number one defensive technology in modern web applications. Many developers add ajax.googleapis.com to CSP definitions, because they use libraries from this very popular CDN in their web applications. The problem is that it completely bypasses the CSP and obviously you don’t want that to happen. Since CSP should be […]

DeepSec 2016 Talk: CSP Is Dead, Long Live Strict CSP! – Lukas Weichselbaum

Published on September 8, 2016 By sanna

The Content Security Policy (CSP) is an additional layer of security for web applications. It is intended to detect and mitigate certain types of attacks. CSP is deployed by using the HTTP Content-Security-Policy header for publishing a policy. The policy instructs the web client how various resources will be used, where they come from, and […]