2026 Community Survey results are here! See how the Craft CMS community works. results are live!

Fundamentals of Content Security Policy in Craft CMS

Name: Mijingo, LLC
Price range: $

In this livestream excerpt, Andrew walks through how to implement a Content Security Policy in Craft CMS and Twig.

Have you been asked to ensure a project in Craft CMS has a Content Security Policy?

In this excerpt from the CraftQuest on Call livestream, Andrew Welch covers what a Content Security Policy is, what XSS is, how a form can be used to hijack a page with malicious code, and how to prevent those attacks using a custom Content Security Policy.

Craft Version

Craft 5

Topic

Security

Instructor

Ryan Irelan

Date Streamed

September 05, 2024

Lesson Materials

Some stuff to help you along during the lesson:

Content-Security-Policy (CSP)
What is cross-site scripting (XSS) and how to prevent it?
CSP Evaluator
CSP Evaluator Chrome Extension
Definition of nonce
Cryptographic nonce
Craft CMS Vite Plugin

More you should learn about Security

Fundamentals of Content Security Policy in Craft CMS

CraftQuest on Call: Craft 5.4 and CSPs

Craft 101

Ephemeral File Systems and Exploits