Mihai Iacob

Mihai Iacob is a Software Engineer on the Engineering Security team at Okta. His extensive background in cybersecurity includes secure software development, encryption and key management, audit, authorization model, web security, and content security policy. He contributes to the development and implementation of robust security measures that safeguard our users’ data and privacy. Mihai’s interests include participating in Okta’s internal bug bounty program and hackathons.

Mihai Iacob and Bryan Honan and Arun Kumar Elengovan

February 19, 2025

Content-Security-Policy in a Complex Environment

Content-Security-Policy (CSP) is essentially allow-list policy that dictates what a web page can load. CSP is complex to implement and rollout - even a minor mistake could mean that important parts of the page will not load, which in Okta’s case could mean trouble authenticating. This blog article aims to provide a glimpse into our secure implementation journey and guidance for the industry based on lessons learned.