Tag: CSP

Total 22 Posts

Adding security headers to Prism JS

I recently came across the Prism JS syntax highlighting library whilst looking at a few options to spruce up my blog. I was very disappointed, though not at all surprised, that they didn't have support for my favourite security headers, so I added it. Prism JS The Prism JS library…

Continue Reading

CSP Nonce support in Nginx

Content Security Policy is an incredibly powerful security feature but in some circumstances it can be a little difficult to deploy. Removing inline scripts or styles often comes up as one of the hurdles. Here's how I introduced CSP nonce support in Nginx to counter the problem. Content Security Policy…

Continue Reading

Enforcing the use of SRI

Subresource Integrity is an awesome security feature that allows us to ensure that assets served by a CDN haven't been tampered with. Now, thanks to a new directive in CSP, we can ensure that SRI is used across our site. SRI In short, SRI allows us to embed the hash…

Continue Reading