CodeIgniter Forums - Search Results

Search Results

Thread: CSP header not send in folder
Post: RE: CSP header not send in folder

kenjis Wrote: (08-01-2023, 02:03 AM) -- The CSP header is sent automatically by the framework Response class. So if it is not sent, 1. The URL is not served by the framework. (The web server serv...

Thread: CSP header not send in folder
Post: CSP header not send in folder

Hi, I hope I did not overlook an answer already given here, didn't find one I've enabled CSP for my site, the header is sent, and any style is rejected, or the nonce set – all as planned When I ...

Thread: CSP for public folders
Post: RE: CSP for public folders

kenjis Wrote: (03-25-2023, 05:04 AM) -- Can you show the exact warning you get? What checker do you use? -- checker is screaming frog warning is «missing CSP header» for e.g. /css/main.css OWASP ...

Thread: CSP for public folders
Post: RE: CSP for public folders

kenjis Wrote: (03-25-2023, 04:00 AM) -- wine-fine Wrote: (03-25-2023, 03:44 AM) -- when I type an url to an image www.mysite.com/nice-image.jpg the image is shown, no codeigniter is involved (?) ...

Thread: CSP for public folders
Post: RE: CSP for public folders

kenjis Wrote: (03-25-2023, 03:31 AM) -- Read https://codeigniter4.github.io/CodeIgniter4/outgoing/response.html#content-security-policy and you need to configure CSP for your site. -- thanks. for ...

Thread: CSP for public folders
Post: CSP for public folders

Hi, I've enabled CSP and do some site checks. I get warnings that for css, js and images no CSP rules are defined. As they are in the public folder, the CI rules do not apply (?) when accessed dire...

Thread: uri_string() without slash again?
Post: RE: uri_string() without slash again?

kenjis Wrote: (03-16-2023, 06:22 PM) -- I sent a PR to fix the documentation. https://github.com/codeigniter4/CodeIgniter4/pull/7356 -- Fine. Thank you for the explanations and fixing the docs.

Thread: uri_string() without slash again?
Post: RE: uri_string() without slash again?

kenjis Wrote: (03-16-2023, 05:01 AM) -- Can you tell the exact version that uri_string() returns string with leading slash? As far as I know nobody changes the behavior like that. But according t...

Thread: uri_string() without slash again?
Post: uri_string() without slash again?

I've updated from 4.2 to 4.3. It seems uri_string() has changed again and now the result is without starting slash as it was some versions before? in one of the prior updates I had to change code ...

Thread: empty session path
Post: RE: empty session path

You're right: 3.1.7 is my version. anyway, I've modified the $config['sess_cookie_name'] = 'sess'; More specific, without the underscore as before "ci_session" and my "sess_save_path" starts to ...

Thread: empty session path
Post: RE: empty session path

Hi dave, my question was unclear. the folder FCPATH . 'sess_cache'; is empty, changing the $config['cookie_domain'] didn't help, thank you anyway. in the application storage of the developer tool, ...

Thread: empty session path
Post: RE: empty session path

thanks dave, my question was unclear. sure. there are no files in the directory FCPATH/sess_cache/ , but PHPSESSID are mentioned in the Application storage of the developer tools. therefore, I assu...

Thread: empty session path
Post: empty session path

Hi, I've looked a while here, googled but found no hint. My site https://www.MYDOMAIN uses sessions without problem, the session path is empty, however. For testing i use version.MYDOMAIN and se...