Subresource integrity (SRI) – and why it needs failover.

When building websites, significant performance gains can be made by using files from a Content Delivery Network (CDN). CDNs usually have nodes physically much closer to a visitor, and common files used across many sites (such as jQuery, Bootstrap, etc.) may even already be in the visitor’s cache.

However, if you’re using a file from a CDN, well, you don’t really control it. Someone could change it, for honest or nefarious reasons – and your site would still load that resource and try to use it.


Configuring a Content-Security-Policy

I’ve talked about how to remove HTTP headers that you don’t need from IIS – but there are some that you probably will want. This particular post is about the Content Security Policy (CSP).

I’m not going to describe what one is. @Scott_Helme has already described what a Content Security Policy is far better than I can. Rather, I’m going to describe how to figure out what your policy should be…
