
Securing Web Apps with Modern Platform Features (Google I/O) - pimterry
https://www.youtube.com/watch?v=DDtM9caQ97I
======
pimterry
In summary:

* CSP improvements that let you allow/block content much more flexibly, without having to list every possible script host

* TrustedTypes, to block front-end XSS and enforce content sanitization

* New request headers for browser requests, which let servers spot & block CSRF attacks

* New response header to block cross-site opener attacks
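
The request-header check from the third bullet, sketched as an added example that is not part of the comment above or the talk's own code. The comment does not name the headers; `Sec-Fetch-Site`, `Sec-Fetch-Mode` and `Sec-Fetch-Dest` are taken from the Fetch Metadata specification, and the function name and sample requests are constructed for illustration.

```javascript
// Added example: server-side resource isolation policy using Fetch Metadata.
// checkFetchMetadata and the sample requests are hypothetical names and data.

// `headers` uses lower-cased names, as Node's http module exposes them.
function checkFetchMetadata(method, headers) {
  const site = headers["sec-fetch-site"];
  const mode = headers["sec-fetch-mode"];
  const dest = headers["sec-fetch-dest"];

  // Older browsers and non-browser clients send no Fetch Metadata. Let them
  // through here so other CSRF defences (tokens, SameSite cookies) still decide.
  if (site === undefined) {
    return { allow: true, reason: "no-fetch-metadata" };
  }
  // same-origin / same-site: sent by our own pages.
  // none: direct user action such as a typed URL or a bookmark.
  if (site === "same-origin" || site === "same-site" || site === "none") {
    return { allow: true, reason: "trusted-initiator" };
  }
  // Cross-site from here on. Permit plain top-level GET navigations so inbound
  // links keep working, but not loads initiated by <object> or <embed>.
  if (mode === "navigate" && method.toUpperCase() === "GET" &&
      dest !== "object" && dest !== "embed") {
    return { allow: true, reason: "cross-site-navigation" };
  }
  // Anything else is a cross-site subresource load or state-changing request.
  return { allow: false, reason: "cross-site-blocked" };
}

// Constructed sample requests: [label, method, headers].
const samples = [
  ["own page submits form", "POST", { "sec-fetch-site": "same-origin", "sec-fetch-mode": "cors" }],
  ["foreign page auto-submits form", "POST",
    { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" }],
  ["foreign page embeds image", "GET",
    { "sec-fetch-site": "cross-site", "sec-fetch-mode": "no-cors", "sec-fetch-dest": "image" }],
  ["user follows inbound link", "GET",
    { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" }],
  ["legacy client", "POST", {}],
];
for (const [label, method, headers] of samples) {
  const { allow, reason } = checkFetchMetadata(method, headers);
  console.log(`${label}: ${allow ? "allow" : "deny (403)"} [${reason}]`);
}
```

If sibling subdomains are not trusted, drop `same-site` from the trusted set so only `same-origin` and `none` pass unconditionally.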

