how to configure CSP correctly
(11-25-2019, 11:17 PM)ttwist Wrote:
(10-12-2018, 11:52 AM)frankenestain Wrote:
There's no app.php in config!

Yeah, CI 3 does not have built-in support for Content Security Policy (CSP), but CSP is just an HTTP header.

1. You are able to publish any HTTP headers in any version of CodeIgniter by using the $response->setHeader() method:

Code:
$this->response->setHeader('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline';");

2. If you are not looking for easy ways and wish to have some convenience of CSP setup, it's possible to import class ContentSecurityPolicy.php from CI4 to CI3. You just need to change some PHP7 constructs like:

PHP Code:
$explicitReporting ?? $this->reportOnly

to:

PHP Code:
is_null($explicitReporting) ? $this->reportOnly : $explicitReporting

Anyway you need to modify class ContentSecurityPolicy.php even if you use CI4 - this class is oriented toward the outdated Content Security Policy level 2 spec, therefore it does not support a lot of CSP3 directives and tokens.
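An added example, not part of the post above and not CodeIgniter code: a small PHP 5-compatible header builder that uses the is_null() ternary from the post for the report-only switch and a per-response nonce in place of 'unsafe-inline'. The function names csp_nonce() and csp_header() and the sample policy are assumptions made for illustration; 'strict-dynamic' is used as one CSP Level 3 token.

```php
<?php
// Added example: PHP 5-compatible CSP header builder (hypothetical helper names).

/** Return a fresh base64 nonce for this response. */
function csp_nonce()
{
    $bytes = function_exists('random_bytes')
        ? random_bytes(16)                  // PHP 7+
        : openssl_random_pseudo_bytes(16);  // PHP 5 fallback
    return base64_encode($bytes);
}

/**
 * Build array(header name, header value) from a directive => sources map.
 * $explicitReporting = null means "use $defaultReportOnly".
 */
function csp_header(array $directives, $explicitReporting = null, $defaultReportOnly = false)
{
    // Same ternary the post suggests in place of the PHP 7 "??" operator.
    $reportOnly = is_null($explicitReporting) ? $defaultReportOnly : $explicitReporting;

    $parts = array();
    foreach ($directives as $name => $sources) {
        if (!preg_match('/^[a-z][a-z-]*$/', $name)) {
            throw new InvalidArgumentException("Bad directive name: $name");
        }
        foreach ((array) $sources as $src) {
            // A source must not contain whitespace, ';' or ',', which would let one
            // value start a new directive or policy (or split the header).
            if ($src === '' || preg_match('/[\s;,]/', $src)) {
                throw new InvalidArgumentException("Bad source in $name");
            }
        }
        $parts[] = rtrim($name . ' ' . implode(' ', (array) $sources));
    }
    $header = $reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
    return array($header, implode('; ', $parts));
}

// Constructed sample policy: a per-response nonce instead of 'unsafe-inline'.
$nonce = csp_nonce();
list($name, $value) = csp_header(array(
    'default-src' => "'self'",
    'script-src'  => array("'self'", "'nonce-$nonce'", "'strict-dynamic'"),
    'object-src'  => "'none'",
    'upgrade-insecure-requests' => array(),
));
echo "$name: $value\n"; // in an application, pass $name and $value to the response
```

The same nonce value has to be placed in the nonce attribute of each inline script tag rendered for that response, and a new one generated for every response.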
Messages In This Thread
how to configure CSP correctly - by puschie - 07-06-2017, 01:55 AM
RE: how to configure CSP correctly - by kilishan - 07-06-2017, 10:36 AM
RE: how to configure CSP correctly - by kilishan - 07-07-2017, 10:12 PM
RE: how to configure CSP correctly - by puschie - 07-09-2017, 11:58 PM
RE: how to configure CSP correctly - by kilishan - 07-10-2017, 06:17 AM
RE: how to configure CSP correctly - by frankenestain - 10-12-2018, 11:52 AM
RE: how to configure CSP correctly - by ttwist - 11-25-2019, 11:17 PM
RE: how to configure CSP correctly - by egranty - 11-23-2020, 09:29 AM
RE: how to configure CSP correctly - by z72diego - 04-17-2024, 03:03 AM