A long time ago I implemented Content Security Policy as Rack middleware for my Ruby on Rails project. In short, CSP is an XSS mitigation mechanism. The server responds with an HTTP header that defines trustworthy sources for different types of content (JS, CSS, images), and the browser restricts content from other sources. It's very powerful, and you should definitely implement it along with other header-based security features (like X-Frame-Options, Origin, Strict-Transport-Security), especially since it won't take much time.
A couple of days ago I decided that it was worth publishing the middleware as a separate gem. I googled a bit and found csp_easy. However, it lacked a few features (hash-based directive configuration, WebKit support, Report-Only mode) and specs, so I decided not to fork it and push my changes (I know it looks bad), but just to publish my own version.
The project is on GitHub. Read the instructions and improve the security of your Rack-based web application!
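To illustrate the features mentioned above (hash-based directives, the WebKit header, Report-Only mode), here is a small Rack-style middleware. It is an added example, not the gem's code; the class name `CspHeaderExample` and its options are hypothetical, and it needs no gems because a Rack app is any object that responds to `call(env)`.

```ruby
# Added example (hypothetical names, not the gem's implementation).
class CspHeaderExample
  # Lowercase names: HTTP header names are case-insensitive, Rack 3 expects lowercase.
  STANDARD = 'content-security-policy'
  WEBKIT   = 'x-webkit-csp' # legacy prefixed header read by older WebKit browsers

  attr_reader :policy

  # directives: hash such as { script_src: ["'self'", 'https://cdn.example'] }
  # report_only: browsers report violations but do not block anything
  def initialize(app, directives:, report_only: false, webkit: true)
    raise ArgumentError, 'directives must not be empty' if directives.empty?

    @app = app
    @policy = build_policy(directives)
    suffix = report_only ? '-report-only' : ''
    @names = [STANDARD + suffix]
    @names << WEBKIT + suffix if webkit
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup
    @names.each { |name| headers[name] = @policy }
    [status, headers, body]
  end

  private

  # Turns the hash into "default-src 'self'; script-src 'self' https://cdn.example".
  def build_policy(directives)
    directives.map do |name, sources|
      name = name.to_s.tr('_', '-')
      values = Array(sources).map(&:to_s)
      # A ';' or ',' inside a source would smuggle in extra directives or
      # policies; CR/LF would split the header. Reject instead of escaping.
      bad = values.find { |v| v.strip.empty? || v =~ /[;,\r\n]/ }
      raise ArgumentError, "invalid source for #{name}: #{bad.inspect}" if bad

      ([name] + values).join(' ')
    end.join('; ')
  end
end
```

Starting with `report_only: true` lets you collect violations from real traffic before switching to enforcement.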
4 comments:
hey, Alex
I saw your post about Selenium and how to verify text color on a page. I don't know how to contact you, so I'm leaving a msg here; if you see the msg, please help if you would like to. Thanks. I'm wondering whether Selenium RC can verify text color on a page? I'm not using WebDriver for one of my tests, but I want to verify a text color here using Selenium RC.
Thank you so much.
Just the same - http://stackoverflow.com/questions/9291852/selenium-ide-how-to-chek-text-color-using-css/9296057#9296057
Thanks a lot, I already got it to work.
Thanks for sharing this article, and it would be a useful info. Hi, we at Colan Infotech Private Limited, best web design company in Chennai, situated in US and India, will provide you best service in QA testing services.