Content Security Policy can be used to generate reports describing attempts to attack your site. This post briefly explains how this works, and presents a simple example script that can be used to process these reports.
Continue reading “Processing Content Security Policy violation reports”…
If Content Security Policy is enabled for protection against cross-site scripting attacks (i.e. the unsafe-inline option is not set), the use of inline <script>s is not allowed. In that case, how can we pass server-generated data to the front-end without negatively affecting load time and run-time performance?
Continue reading “Hiding JSON-formatted data in the DOM with CSP enabled”…
This post explains a hidden gem in the XMLHttpRequest standard that simplifies fetching and parsing JSON data through Ajax.
Continue reading “Loading JSON-formatted data with Ajax and