Skip to content

CS 343, Spring 2025

Apr 29: CSP and CORS

CS 343, Spring 2025

Home
Syllabus
Calendar
Help
Notes
Notes
- Week 1: File Publishing
  Week 1: File Publishing
- Week 2: HTML Structure
  Week 2: HTML Structure
- Week 3: JavaScript Basics
  Week 3: JavaScript Basics
- Week 4: CSS Presentation
  Week 4: CSS Presentation
- Week 5: Flexbox Layout
  Week 5: Flexbox Layout
- Week 6: Design Sketch
  Week 6: Design Sketch
- Week 7: Responsive Design
  Week 7: Responsive Design
- Week 8: JavaScript Events
  Week 8: JavaScript Events
- Week 9: Fetch and APIs
  Week 9: Fetch and APIs
- Week 10: Asynchronous
  Week 10: Asynchronous
- Week 11: Static Prototype
  Week 11: Static Prototype
- Week 12: Persistence
  Week 12: Persistence
- Week 13: Form Validation
  Week 13: Form Validation
- Week 14: Content Security
  Week 14: Content Security
  - Apr 29: CSP and CORS Apr 29: CSP and CORS
    Table of contents
    
    Lesson Outline
  - Prep 12: CSP Directives
  - May 01: Review Weeks 12--14
  - Project 3: Dynamic App
- Week 15: Course Wrap-up
  Week 15: Course Wrap-up

Apr 29: CSP and CORS

Learning Objectives

After today's class, you should be able to:

Explain how a cross-site scripting (XSS) attack can be performed.
Write CSP directives that block local, inline, and/or remote content.
Describe how CORS is used to allow limited cross-origin requests.

Lesson Outline¶

Slides [30 min]

36_Security-Topics.pdf – by Dr. Kirkpatrick
- HTTP Toolkit: Will it CORS?
- Web Security Cheat Sheet

Work Time [45 min]

Complete Prep 12 during class time
Show Project 3 progress to instructor
- 5 min per team; sign up for a time slot