Portfolio & Projects

Content Security Policy Reporting Web Service

Portfolio image

This project is a web service that is used to detect mixed content on HTTPS pages. It uses the Content-Security-Policy header, and when HTTP content is detected on a HTTPS page, the violating content is then logged with AWS Lambda to a SimpleDb domain using the report-uri directive.

Why was it built?

The Taunton Press was moving several of their web properties to HTTPS-by-default and needed a way to detect any issues with CMS or 3rd party content after the move. In addition to the AWS component, this project required me to write a WordPress plugin to add the CSP header.

  • Role: Lead Developer
  • Technology: Content Security Policy, AWS Lambda, AWS SimpleDb
  • Year: 2018
  • Written for: The Taunton Press
  • Industry: Publishing