CodeIgniter Forums
Codeigniter 4 CSP don't support style-src-attr - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Codeigniter 4 CSP don't support style-src-attr (/showthread.php?tid=88753)



Codeigniter 4 CSP don't support style-src-attr - Styopi - 10-31-2023

Hi, I have a problem to add style-src-attr 'unsafe-inline' rulle to CSP header. There is no "addStyleSrcAttr" function in CSP Library. 
Temporarily i solve this problem with my own custom CSP Library:

 ContentSecurityPolicy.php
// namespace App\Libraries;
.....
    public function addStyleSrcAttr($uri, ?bool $explicitReporting = null)
{
        $this->addOption($uri, 'styleSrcAttr', $explicitReporting ?? $this->reportOnly);
        return $this;
    }
....
    protected function buildHeaders(ResponseInterface $response)
    {
        // Ensure both headers are available and arrays...
        $response->setHeader('Content-Security-Policy', []);
        $response->setHeader('Content-Security-Policy-Report-Only', []);

        $directives = [
           ....
            'style-src'      => 'styleSrc',
            'style-src-attr'  => 'styleSrcAttr', // Added the new style attr
           ....
        ];


RE: Codeigniter 4 CSP don't support style-src-attr - kenjis - 10-31-2023

Apparently, the CSP3 directives are not implemented in CI4.

It would be helpful if you could send a pull request to add the directive to the 4.5 branch.
https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/pull_request.md


RE: Codeigniter 4 CSP don't support style-src-attr - kenjis - 11-06-2023

@Styopi Why don't you send a Pull Request?


RE: Codeigniter 4 CSP don't support style-src-attr - Styopi - 11-11-2023

(10-31-2023, 06:03 PM)kenjis Wrote: Apparently, the CSP3 directives are not implemented in CI4.

It would be helpful if you could send a pull request to add the directive to the 4.5 branch.
https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/pull_request.md

Hi Kenjis, thank you for info.
You are right there is no CSP3 support in CI4.
I must implement other CSP headers too, like:
script-src-attr, script-src-elem, style-src-elem... 

Sorry but I have no experience with sending a pull requests to CI, and actually I have al lot of work Sad
If you have a time please help me and send this request to add CSP3 support.

Sorry for my bad English. 
Thank you.


RE: Codeigniter 4 CSP don't support style-src-attr - objecttothis - 10-22-2024

(11-11-2023, 12:58 AM)Styopi Wrote:
(10-31-2023, 06:03 PM)kenjis Wrote: Apparently, the CSP3 directives are not implemented in CI4.

It would be helpful if you could send a pull request to add the directive to the 4.5 branch.
https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/pull_request.md

Hi Kenjis, thank you for info.
You are right there is no CSP3 support in CI4.
I must implement other CSP headers too, like:
script-src-attr, script-src-elem, style-src-elem... 

Sorry but I have no experience with sending a pull requests to CI, and actually I have al lot of work Sad
If you have a time please help me and send this request to add CSP3 support.

Sorry for my bad English. 
Thank you.

I found this through google because I noticed style-src-elem is missing. @kenjis, does this still need a PR or is someone working on it?