Fundamentals of Content Security Policy in Craft CMS

Name: Mijingo, LLC
Price range: $

In this livestream excerpt, Andrew walks through how to implement a Content Security Policy in Craft CMS and Twig.

Craft 5

Have you been asked to ensure a project in Craft CMS has a Content Security Policy?

In this excerpt from the CraftQuest on Call livestream, Andrew Welch covers what a Content Security Policy is, what XSS is, how a form can be used to hijack a page with malicious code, and how to prevent those attacks using a custom Content Security Policy.

Lesson Materials

Some stuff to help you along during the lesson:

Content-Security-Policy (CSP)

What is cross-site scripting (XSS) and how to prevent it?

CSP Evaluator

CSP Evaluator Chrome Extension

Definition of nonce

Cryptographic nonce

Craft CMS Vite Plugin

More you should learn about Security

Fundamentals of Content Security Policy in Craft CMS

CraftQuest on Call: Craft 5.4 and CSPs

Craft 101

Ephemeral File Systems and Exploits