polarblau wants to give a talk about this
A primer on Content Security Policy
Content Security Policy (CSP) is a security concept that aims to prevent XSS and other forms of browser-based attacks right where they happen — in the browser. CSP has been around for a little while, but it’s only now that browser vendors are closing in on implementing most of the W3C specification.
This talk will take a look at what CSP is, why it matters and how to use it with Ruby-based web applications.