Video of session:https://www.youtube.com/watch?v=9V64zQi2pX0&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=33
Our story will arm you with the knowledge you’ll want should you decide to go down the same path. When we initially decided to implement CSP, the BETA version of our website was already live. Like many sites, our platform grew from something we initially started as a pet project. Admittedly, building CSP into our site from day one would have been much easier...but not nearly as challenging or fun.
We’ll start by walking you through our Content Security Policy, discuss the basic nuances between how each major browser implements CSP, and outline techniques for how we deal these nuances at runtime.
Lastly, we’ll discuss what we learned from implementing a notification mechanism to report violations of our CSP at runtime. Needless to say we were surprised by what was reported, and we’ll share the results.
Our hope is that by telling our story to the world, we’ll either save the rainforest or make your life a little easier should you decide to implement CSP (worst case scenario we’ll save you the trouble and dissuade you from even trying).