Compile-time verified dynamic CSP headers

Dynamic CSP headers are tricky, especially if user input is involved. A URL such as https://foo.com/bar%20%2A can result in headers like:

Content-Security-Policy: script-src https://foo.com *

This kills the CSP. yesod-csp tries to make such...

yesod-csp

I've just released yesod-csp. This helps you add Content Security Policy headers to your web responses using Haskell data types. For example: This will generate a header like this: Content-Security-Policy headers help reduce the risk of XSS attacks and bad...

Automated Webhook QA

I love automated QA tools like Runscope. Recently at Intercom I investigated the potential for us to begin running similar tests against our production webhooks offering.

The problem

Let's look at some of the problems you hit when determining "are...