Introduction

In this post, I’ll tell the story of how a stray semicolon led me to build an AI-powered tool to make creating Content Security Policies (CSPs) a bit less painful for developers.

I’ve written about CSPs on this blog before:

December 2024: Securing your static website with HTTP response headers
February 2025: Configuring your Content-Security-Policy on your development environment in 11ty

To quote from my 2024 post:

The Content Security Policy (CSP) header is a security feature that protects web applications from attacks like Cross-Site Scripting (XSS) and code injection by controlling the sources from which browsers can load and execute content. If there's only a single response header you implement today, then make it the CSP Response header.

The post has a few more details, so if you are interested you can find the Content-Security-Policy (CSP) section here.

As mentioned in the post, there are already a huge number of tools available on the web for creating CSPs, but none of…