2/17/2012

Content Security Policy for Rack

A long time ago I implemented Content Security Policy as Rack middleware for my Ruby on Rails project. In short, CSP is an XSS mitigation mechanism: the server responds with an HTTP header that defines trustworthy sources for different types of content (JS, CSS, images), and the browser refuses to load content from any other source. It's very powerful and you definitely should implement it along with the other header-based security features (like X-Frame-Options, Origin, Strict-Transport-Security), especially since it won't take much time.

A couple of days ago I decided that the middleware was worth publishing as a separate gem. I googled a bit and found csp_easy. However, it lacked a few features (hash-based directives configuration, support for WebKit, Report-Only mode) and specs, so I decided not to fork it and push my changes (I know it looks bad), but just to publish my own version.

The project is on Github. Read the instructions and improve the security of your Rack-based web application!
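To show what such middleware boils down to, here is an added example (my own illustration for this post, not the gem's code and not csp_easy's): a Rack middleware that takes a hash of directives, serialises it into the policy header, sends it under the standard name and the vendor-prefixed names browsers of this era understood (assumed here), and switches to the Report-Only header names when asked.

```ruby
# Minimal Rack middleware that emits a Content Security Policy header built from a
# hash of directives. Illustrative example, not the published gem's code.
class ContentSecurityPolicy
  # Header names (assumed): the standard one plus the vendor-prefixed names used by
  # Firefox (X-Content-Security-Policy) and WebKit (X-WebKit-CSP).
  HEADERS = %w[Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP].freeze

  # Restrictive fallback: everything must come from the page's own origin.
  DEFAULT_DIRECTIVES = { 'default-src' => ["'self'"] }.freeze

  # directives: { 'script-src' => ["'self'", 'https://cdn.example.com'], ... }
  # options:    { :report_only => true } only reports violations, never blocks
  def initialize(app, directives = {}, options = {})
    @app = app
    @directives = DEFAULT_DIRECTIVES.merge(directives)
    @report_only = options.fetch(:report_only, false)
  end

  # "default-src 'self'; script-src 'self' https://cdn.example.com"
  # Rejects CR, LF and ';' in configured values so a bad config entry cannot
  # inject extra headers or extra directives.
  def self.header_value(directives)
    directives.map do |name, sources|
      tokens = [name.to_s] + Array(sources).map(&:to_s)
      bad = tokens.find { |t| t =~ /[\r\n;]/ }
      raise ArgumentError, "invalid CSP token: #{bad.inspect}" if bad
      tokens.join(' ')
    end.join('; ')
  end

  def header_names
    suffix = @report_only ? '-Report-Only' : ''
    HEADERS.map { |h| h + suffix }
  end

  def call(env)
    status, headers, body = @app.call(env)
    value = self.class.header_value(@directives)
    # Do not clobber a policy the application set itself for this response.
    header_names.each { |h| headers[h] ||= value }
    [status, headers, body]
  end
end
```

In config.ru you would mount it with `use ContentSecurityPolicy, { 'script-src' => ["'self'"] }, :report_only => true` and add a `report-uri` directive while you are still tuning the policy.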

5 comments:

SophieCdd said...

Hey, Alex
I saw your post about Selenium and how to verify text color on a page. I don't know how to contact you, so I'm leaving a message here; if you see it, please help if you would like to. Thanks. I'm wondering whether Selenium RC can verify text color on a page? I'm not using WebDriver for one of my tests, but I want to verify a text color here using Selenium RC.
Thank you so much.

Alex Rodionov said...

Just the same - http://stackoverflow.com/questions/9291852/selenium-ide-how-to-chek-text-color-using-css/9296057#9296057

SophieCdd said...

Thanks a lot, I already got it to work.

malini ecorp said...

Wonderful information. I had come to know about your blog from my friend Nandu, Hyderabad. I have read at least 7 posts of yours by now, and let me tell you, your website gives the best and the most interesting information. This is just the kind of information that I had been looking for; I'm already your RSS reader now and I would regularly watch out for the new posts. Once again hats off to you! Thanks a ton once again. Regards, QA online training among the QA in Hyderabad. Classroom Training in Hyderabad India
