Skip to main content

Validate CSP from Command Line

The content security policy spec has been an amazing front-end security tool to help prevent XSS and other types of attacks. I’d go as far to say that every site should implement as specific CSP as possible. If you aren’t familiar with CSPs, here’s a quick example:

Content-Security-Policy: default-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com

If a linked resource or content on the page doesn’t pass a given CSP rule, it wont be loaded. Of course getting a massive site to pass one CSP is difficult — just ask Facebook:

Browsers provide you CSP error and warning information in the web console but that doesn’t help developers prevent issues before a push to production. Enter seespee — a Node.

Check Full Content Here […]



from Proven Ways https://ift.tt/2tn369G
Labels:

Comments

Post a Comment

Popular posts from this blog

5 Most Common Developer Portfolio Mistakes (Sponsored)

A portfolio site is one of the best marketing and sales tools you as a web developer have in your arsenal. And if it’s set up right, it’ll save you a bunch of time having to:  Chase down new clients,  Spend time convincing them to work with you, Answer questions about your experience as a coder and what you can build, Explain your background and how you got into web development, Handle other repetitive and tedious sales and marketing tasks.  The emphasis here is on setting up your portfolio site the right way.  Your portfolio site — as a whole — needs to be a reflection of your best self. To accomplish this, you’ll want to steer clear of the 5 most common developer portfolio mistakes.  Just keep in mind that this doesn’t have to end up being a ton of additional work. With one of Be’s pre-built portfolio sites, you can quickly create your portfolio powerhouse. Check Full Content Here […] from Proven Ways https://ift.tt/3hACgP0
Post a Comment
Read more

Awesome Forward & Reverse Geocoding API: positionstack (Sponsored)

One awesome web functionality we take for granted is geolocation. Based on geolocation data, we can get someone to their destination, provide them suggestions based on their location, and so on. One downside of native geolocation, especially in the browser, is that it’s limited in both input and output. That’s where an awesome service like positionstack comes in — positionstack allows developers to complete forward and reverse geocoding to get maximum data to maximize conversion and functionality. Quick Hits positionstack is free to join! Provides both forward and reverse geolocation, for embeddable maps and more The API is simple and easy to use Code samples provided in a variety of languages like PHP, Ruby, Node. Check Full Content Here […] from Proven Ways https://ift.tt/2UCBNUv
Post a Comment
Read more

How to Set a Default Commit Message

Having a default commit message is really useful for a number of reasons: It can formalize your commit messages It serves as a good reminder for the information you should add to your commit message, like issue number If you set it to “Drunk AF, don’t accept this” To set a default commit message on your local machine, start by executing the following from command line: git config --global commit.template ~/.gitmessage This tells your local git config to pull the text from ~/.gitmessage as the default commit message. Check Full Content Here […] from Proven Ways https://ift.tt/2Tkqgbr
Post a Comment
Read more