

Practical prevention of web shenanigans with Content Security Policy - nailer
https://certsimple.com/blog/csp-shenanigans

======
nailer
Author here. If you haven't had the time to read the article, it isn't a CSP
howto. Rather it's about the steps taken to implement CSP in enforcing mode on
a production app:

- dealing with third-party libraries

- replacing common unsafe techniques with better ones

- handling violation messages more efficiently.

There's also a small library with an implementation of policies for a bunch of
common third-party JS libraries, which should save a bunch of research.

I hope you find it useful.

------
orliesaurus
Good read, didn't expect CSP to be that necessary at first :D

