Nonce-based Content Security Policy (CSP) in Rails
Introduction During my time at Gusto as a part of the Application Security team, I’ve been exploring ways to improve defense against Cross-Site Scripting (XSS) in modern web applications. At Gusto, we primarily use Ruby on Rails and React.js. Individually each framework comes with some XSS protections out…