Content Security Policies
A good defensive strategy is multilayered. Whether it's the multifactor authentication system you use to log into GitHub, or the kill switch on Furiosa's war rig, having more than one safeguard against intrusion makes attacks substantially more difficult. The same is true for web security, and today's post is going to introduce you to a powerful tool for augmenting your website's security: content security policies, or CSPs.
The Tectonics of the Web
It’s a common refrain amongst frontend developers: “The web changes so quickly, I can barely keep pace!” New frameworks come into vogue, tooling trends come and go, and browsers implement (and deprecate) scores of features, all in the span of weeks and months. It can feel like you’re building on quicksand.
CORS (Cross-Origin Resource Sharing) is a subject tinged with dread for many web developers. Like tales of a mythical sea beast, every developer has a story to tell about the day CORS seized upon one of their web requests, dragging it down into the inexorable depths, never to be seen again.
Efficient Resource Requests
Few users of the modern internet realize that a webpage isn’t a single “thing” but a composition of scripts, stylesheets, HTML, and more. To an end user, a website is a website, though some are certainly slower than others, and some keep lagging even after the page has loaded. Much of what can be interpreted as a website’s performance can be reduced to how quickly its various resources are obtained, and as users become accustomed to meticulously tuned web applications by the likes of Google and Facebook, it’s important for every frontend developer to understand how to optimize their site’s resource requests.