Codeigniter 4 CSP don't support style-src-attr - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24) +--- Thread: Codeigniter 4 CSP don't support style-src-attr (/showthread.php?tid=88753) |
Codeigniter 4 CSP don't support style-src-attr - Styopi - 10-31-2023 Hi, I have a problem to add style-src-attr 'unsafe-inline' rulle to CSP header. There is no "addStyleSrcAttr" function in CSP Library. Temporarily i solve this problem with my own custom CSP Library: ContentSecurityPolicy.php // namespace App\Libraries; ..... public function addStyleSrcAttr($uri, ?bool $explicitReporting = null) { $this->addOption($uri, 'styleSrcAttr', $explicitReporting ?? $this->reportOnly); return $this; } .... protected function buildHeaders(ResponseInterface $response) { // Ensure both headers are available and arrays... $response->setHeader('Content-Security-Policy', []); $response->setHeader('Content-Security-Policy-Report-Only', []); $directives = [ .... 'style-src' => 'styleSrc', 'style-src-attr' => 'styleSrcAttr', // Added the new style attr .... ]; RE: Codeigniter 4 CSP don't support style-src-attr - kenjis - 10-31-2023 Apparently, the CSP3 directives are not implemented in CI4. It would be helpful if you could send a pull request to add the directive to the 4.5 branch. https://github.com/codeigniter4/CodeIgniter4/blob/develop/contributing/pull_request.md RE: Codeigniter 4 CSP don't support style-src-attr - kenjis - 11-06-2023 @Styopi Why don't you send a Pull Request? RE: Codeigniter 4 CSP don't support style-src-attr - Styopi - 11-11-2023 (10-31-2023, 06:03 PM)kenjis Wrote: Apparently, the CSP3 directives are not implemented in CI4. Hi Kenjis, thank you for info. You are right there is no CSP3 support in CI4. I must implement other CSP headers too, like: script-src-attr, script-src-elem, style-src-elem... Sorry but I have no experience with sending a pull requests to CI, and actually I have al lot of work If you have a time please help me and send this request to add CSP3 support. Sorry for my bad English. Thank you. RE: Codeigniter 4 CSP don't support style-src-attr - objecttothis - 10-22-2024 (11-11-2023, 12:58 AM)Styopi Wrote:(10-31-2023, 06:03 PM)kenjis Wrote: Apparently, the CSP3 directives are not implemented in CI4. I found this through google because I noticed style-src-elem is missing. @kenjis, does this still need a PR or is someone working on it? |