Nonce-based Content Security Policy (CSP) in Rails

Introduction During my time at Gusto as a part of the Application Security team, I’ve been exploring ways to improve defense against Cross-Site Scripting (XSS) in modern web applications. At Gusto, we primarily use Ruby on Rails and React.js. Individually each framework comes with some XSS protections out…

Read this article

Building Toward a Modular Monolith

Imagine you have a Rails monolith and want to add new functionality. Your options are to 1) continue adding to the monolith, or 2) create a new service. Which do you choose? What if there’s a third option? Background Adding new functionality to a monolith is a lot like…

Read this article