Everything you need to know about Content Security Policy (CSP)
Interested in learning how to build, implement and analyse a Content Security Policy? Michael shares some critical insights and lessons learned from a large government website built on Drupal.
In the presentation, “Hashes and Nonces and Violations, Oh My! Everything you need to know about Content Security Policy (CSP)”, you’ll discover that while enhancing web security on an existing site can be challenging, enabling it as early and strictly as possible eases those challenges.
Michael begins with the essentials for getting started, then moves into the more complex directives that you’ll need to know. And while a hard-coded policy isn’t dynamic enough for Drupal’s needs, particularly with Google Tag Manager—don’t panic! Michael will also present some strategies that can alleviate that.
By the end of the video, you’ll understand how to start building your policy, as well as the tools needed to analyse its effectiveness before deployment to production.
Watch the video
Related Articles
The road to zero friction testing with Drupal Test Traits
Video: Testing can seem complicated, too much effort or a waste of time. It doesn’t have to be! I’ll show you how to reduce friction and get the most out of Drupal Test Traits.
Running and debugging PHPUnit tests in PHPStorm with DDev and xdebug
Check out my detailed configuration for running and debugging tests via PHPStorm's PHPUnit integration with DDev and xdebug.