Welcome Guest, Not a member yet? Register   Sign In
CSP header not send in folder
#1

Hi, I hope I did not overlook an answer already given here, didn't find one

I've enabled CSP for my site, the header is sent, and any style is rejected, or the nonce set – all as planned

When I enter some data to my CMS – the CSP header is NOT sent.

eg. mysite/admin -> header sent

mysite/admin/update/123/content/456 -> header is not sent

The practical difference: without CSP a spell check extension for the browser works, with CSP it does not.

So I'ld like to find out, where to modify this CI4 behavior

thanks for help, regards, thomas
Reply
#2

The CSP header is sent automatically by the framework Response class.
So if it is not sent,

1. The URL is not served by the framework. (The web server serves the content.)
2. You do not use the framework Response. (You send the response by yourself and call exit().)
Reply
#3

(08-01-2023, 02:03 AM)kenjis Wrote: The CSP header is sent automatically by the framework Response class.
So if it is not sent,

1. The URL is not served by the framework. (The web server serves the content.)
2. You do not use the framework Response. (You send the response by yourself and call exit().)



Thanks for the hint. There was a hidden exit() somewhere hidden behind the trees
Reply




Theme © iAndrew 2016 - Forum software by © MyBB