Answers questions such as “what’s the difference between protect_from_forgery with: :null_session and :reset_session?”
In this guest post I wrote up what to check before putting a Rails app into production.
It’s pretty easy to get a basic CSP set up and issued on your site, but tightening up the policy can be tricky.