Let your framework do the heavy lifting

I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a CSRF attack, but there was a big focus on building a 'bespoke' solution. Cross-Site Request Forgery explained: CSRF can be…

Fixing mixed content with CSP

As more and more sites are migrating to HTTPS, one of the biggest problems that will need solving is tracking down all of your HTTP resources to avoid mixed content warnings. Whilst this could sound like a daunting task, especially on sites with a large amount of content, CSP can…

Further improvements to report-uri.io

I've just pushed another update to https://report-uri.io that brings quite a few new features and improvements. This update brings about the second significant set of changes to https://report-uri.io since being launched earlier this year. The first major update brought tweaks to the layout, new features like…

Hardening the CSP on report-uri.io

It's pretty easy to get a basic CSP setup and issued on your site, but tightening up the policy can be tricky. To benefit from protection against XSS attacks you need to potentially disable inline script which could mean some pretty significant changes for your site. In this blog I'm…