Skip to content

rezen/csp

Repository files navigation

CSP

The best way to learn CSP is to play with policy creation & see how policies affect resources on the page!

When you run locally you have the added benefit of CSP violation reporting being displayed in page.

# Run with docker ....
docker-compose up
open http://localhost:8100/

Play

  • elements What elements will load on the page?
  • allow What should we allow on the page?
  • proof How can we prove the CSP worked?
    • CSP Reports
    • document.querySelector('iframe').contentWindow.location.href

Todo

  • Setup app for "bad actor" exfil

Deploy

Links

About

Learn about CSP ... by playing with it!

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published