Content Security Policy with React WebApp - OWASP

There is a better way


Content Security Policy with React WebApp

OWASP Meetup, 10 September 2020

OCTO Part of Accenture © 2020 - All rights reserved


01 Content Security Policy

02 React


01 Content Security Policy


Content Security Policy

GOAL: The Content Security Policy is an HTTP header that defines which interactions a web page's resources are allowed to have.

Example policy:
default-src 'self'; script-src 'self' ; img-src 'self' ;


Unsafe inline

// JavaScript Code

Content Security Policy

script-src 'unsafe-inline';

Inline JavaScript is widely exploited by XSS attacks.

unsafe-inline must not be allowed.
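To make the two policies on these slides concrete, here is an added example (not code from the OWASP talk or from OCTO) that parses a Content-Security-Policy header value and reports whether it still lets inline scripts run. It applies the CSP fallback from script-src to default-src, and the rule that a nonce or hash source in the same directive makes 'unsafe-inline' ignored by browsers that support CSP Level 2 or later. The header strings are the ones shown on the slides; no server or browser is involved.

```javascript
// Added example: checks whether a CSP header value allows inline scripts.
// Not part of the original slides; works on plain header strings only.

// Parse "name src src; name src" into a Map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// script-src governs scripts; when it is absent, default-src applies instead.
// Returns null when neither directive is present (no restriction on scripts).
function effectiveScriptSources(directives) {
  if (directives.has('script-src')) return directives.get('script-src');
  if (directives.has('default-src')) return directives.get('default-src');
  return null;
}

// True when the policy lets inline <script> blocks and inline handlers execute.
function allowsInlineScript(header) {
  const sources = effectiveScriptSources(parseCsp(header));
  if (sources === null) return true; // no policy for scripts at all
  const lower = sources.map((s) => s.toLowerCase());
  if (!lower.includes("'unsafe-inline'")) return false;
  // A nonce- or sha*- source in the same directive makes 'unsafe-inline'
  // ignored by CSP Level 2+ browsers, so inline scripts are blocked again.
  const hasNonceOrHash = lower.some((s) =>
    /^'(nonce-|sha(256|384|512)-)/.test(s)
  );
  return !hasNonceOrHash;
}

// Build a header value from a directive object, e.g. for a server response.
function buildCsp(directives) {
  return (
    Object.entries(directives)
      .map(([name, sources]) => `${name} ${sources.join(' ')}`)
      .join('; ') + ';'
  );
}

// The two policies shown on the slides.
const SLIDE_POLICY = "default-src 'self'; script-src 'self' ; img-src 'self' ;";
const UNSAFE_POLICY = "script-src 'unsafe-inline';";

for (const policy of [SLIDE_POLICY, UNSAFE_POLICY]) {
  const verdict = allowsInlineScript(policy) ? 'ALLOWS inline scripts' : 'blocks inline scripts';
  console.log(`${policy}  =>  ${verdict}`);
}
```

Run it with node; the first policy blocks inline scripts and the second allows them, which is exactly the difference the slides warn about. The buildCsp helper is the natural place to assemble the value that a server sends in its Content-Security-Policy response header.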


02 React


React

GOAL: React is a JavaScript framework for building Single Page Applications.


Scaffold: npx create-react-app my-app

Build: npm run build

Serve: npx serve -s build


... and there it is: inline JavaScript!
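The practical check that follows from this slide is to look at what the build actually emits before shipping a strict script-src. The example below is added here and is not code from the talk or from create-react-app: it scans an HTML document for inline script blocks and inline event-handler attributes, the two things a script-src without 'unsafe-inline' will block. The HTML is a constructed sample shaped like a create-react-app build (a small inline runtime script plus an external chunk); a data block with a non-executable type is included to show that it does not count, since browsers never execute it.

```javascript
// Added example: report inline scripts and inline event handlers in built HTML.
// Not part of the original slides. SAMPLE_BUILD_HTML is a constructed stand-in
// for a create-react-app build output, not a real file from the project.

const SAMPLE_BUILD_HTML = `<!doctype html><html><head>
<link href="/static/css/main.css" rel="stylesheet">
</head><body><div id="root"></div>
<button onclick="go()">Go</button>
<script>!function(e){function r(r){/* runtime */}}([])</script>
<script src="/static/js/main.chunk.js"></script>
<script type="application/json" id="data">{"a":1}</script>
</body></html>`;

// MIME types (and "module") that a browser executes as JavaScript.
const EXECUTABLE_TYPES = new Set([
  'text/javascript', 'application/javascript', 'text/ecmascript',
  'application/ecmascript', 'text/jscript', 'module',
]);

function isExecutableScriptType(type) {
  return EXECUTABLE_TYPES.has(type.toLowerCase());
}

const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;

// Returns one entry per inline <script> that would be subject to script-src.
function findInlineScripts(html) {
  const found = [];
  for (const m of html.matchAll(SCRIPT_RE)) {
    const attrs = m[1];
    const body = m[2].trim();
    if (/\bsrc\s*=/i.test(attrs)) continue; // external: governed by host sources
    if (body.length === 0) continue;
    const typeMatch = /\btype\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    const type = typeMatch ? typeMatch[1].toLowerCase() : 'text/javascript';
    if (!isExecutableScriptType(type)) continue; // data block, never executed
    found.push({ type, preview: body.slice(0, 40) });
  }
  return found;
}

// Inline handlers such as onclick="..." are also blocked without 'unsafe-inline'.
function findInlineEventHandlers(html) {
  const names = [];
  for (const m of html.matchAll(/\s(on[a-z]+)\s*=\s*["']/gi)) {
    names.push(m[1].toLowerCase());
  }
  return names;
}

// Summary a build step could print (or fail on) before deploying a strict CSP.
function inlineReport(html) {
  const scripts = findInlineScripts(html);
  const handlers = findInlineEventHandlers(html);
  return {
    inlineScripts: scripts.length,
    inlineHandlers: handlers.length,
    strictCspSafe: scripts.length === 0 && handlers.length === 0,
  };
}

console.log(inlineReport(SAMPLE_BUILD_HTML));
for (const s of findInlineScripts(SAMPLE_BUILD_HTML)) {
  console.log(`inline <script type="${s.type}">: ${s.preview}...`);
}
```

Pointing inlineReport at the real build/index.html (read with fs.readFileSync) turns this into a simple CI gate: if strictCspSafe is false, the page will not work under the slide's policy, and the inline pieces need to be moved to external files or covered by a nonce or hash rather than by re-enabling 'unsafe-inline'.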
