Security

10 May 2019

Nonce-based Content Security Policy (CSP) in Rails

Introduction During my time at Gusto as a part of the Application Security team, I’ve been exploring ways to improve defense against Cross-Site Scripting (XSS) in modern web applications. At Gusto, we primarily use Ruby on Rails

Edward Qiu

1 / 1

Engineering ( 20 )

diversity-inclusion ( 10 )

gusto ( 7 )

programming ( 7 )

Search

Nonce-based Content Security Policy (CSP) in Rails

Engineering ( 20 )

diversity-inclusion ( 10 )

gusto ( 7 )

programming ( 7 )

Collaboration ( 5 )

ruby on rails ( 4 )

best practice ( 4 )

Product Management ( 3 )

startups ( 3 )

react ( 2 )

javascript ( 2 )

PM ( 2 )

interviews ( 2 )

job hunt ( 2 )

database ( 2 )

advice ( 2 )

engineering management ( 2 )

authorization ( 2 )

Guide ( 2 )

Security ( 2 )

ruby ( 2 )

Getting Started ( 2 )

tidying ( 2 )

pull request ( 2 )

code review ( 2 )

refactoring ( 2 )

backbone ( 1 )

webpack ( 1 )

immutable ( 1 )

Teams ( 1 )

Teamwork ( 1 )

cto ( 1 )

migration ( 1 )

double write ( 1 )

single read ( 1 )

models ( 1 )

double read ( 1 )

single write ( 1 )

zero downtime ( 1 )

management ( 1 )

tech lead ( 1 )

individual contributor ( 1 )

sidekiq ( 1 )

redis ( 1 )

poison pill ( 1 )

incident response ( 1 )

women ( 1 )

modular monolith ( 1 )

rails engines ( 1 )

SSO ( 1 )

OAuth ( 1 )

OpenID Connect ( 1 )

startup lessons ( 1 )

flexible pay ( 1 )

blocks ( 1 )

closures ( 1 )

Big Data ( 1 )

Data Engineering ( 1 )

Data Lake ( 1 )

partnerships ( 1 )

integrations ( 1 )

api ( 1 )

xero ( 1 )

New York City ( 1 )

organizational design ( 1 )

monolith ( 1 )

spaghetti code ( 1 )

legislation ( 1 )

Edward Qiu

1 post |

Nonce-based Content Security Policy (CSP) in Rails

1 post

|