Content Security Policy is a new layer in web security to protect your site and your users from security and privacy risks such as cross site scripting (XSS), content injection, and data exfiltration. The Content-Security-Policy module is able to leverage Drupal 8’s libraries system to make this tool more easily available to every Drupal site.
This session will cover:
The most prominent risks and the Content Security Policy options available to address them.
The current state of the Content Security Policy spec, and current browser support.
How to safely implement and monitor the effectiveness of a policy.
The roadblocks current modules, frontend libraries, and third-party services present.
The roadmap for the Content Security Policy Drupal module.
Useful for site builders and developers, attendees should walk away from this session with the core knowledge required to implement and monitor a Content Security Policy for their website.