CodeIgniter 4 CSP doesn't support style-src-attr
Hi, I have a problem adding the style-src-attr 'unsafe-inline' rule to the CSP header. There is no "addStyleSrcAttr" function in the CSP library.
Temporarily, I solved this problem with my own custom CSP library:

ContentSecurityPolicy.php

    // namespace App\Libraries;
    .....
    public function addStyleSrcAttr($uri, ?bool $explicitReporting = null)
    {
        $this->addOption($uri, 'styleSrcAttr', $explicitReporting ?? $this->reportOnly);

        return $this;
    }
    ....
    protected function buildHeaders(ResponseInterface $response)
    {
        // Ensure both headers are available and arrays...
        $response->setHeader('Content-Security-Policy', []);
        $response->setHeader('Content-Security-Policy-Report-Only', []);

        $directives = [
            ....
            'style-src'      => 'styleSrc',
            'style-src-attr' => 'styleSrcAttr', // Added the new style attr
            ....
        ];
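The following is an added example, not part of the original post and not CodeIgniter's own code: a standalone sketch of the same directive-to-property mapping, extended to the CSP3 `-elem`/`-attr` directives named in this thread. The class `Csp3Policy` and its methods are hypothetical. It emits a policy where `<style>` elements need a nonce while inline `style=""` attributes are allowed through `style-src-attr`, which browsers otherwise fall back to `style-src` for.

```php
<?php
// Added example: standalone sketch, not CodeIgniter's own class. Csp3Policy is hypothetical.
final class Csp3Policy
{
    // Header directive => camelCase key, the same shape as the $directives map in the post.
    private const DIRECTIVES = [
        'default-src'     => 'defaultSrc',
        'script-src'      => 'scriptSrc',
        'script-src-elem' => 'scriptSrcElem',
        'script-src-attr' => 'scriptSrcAttr',
        'style-src'       => 'styleSrc',
        'style-src-elem'  => 'styleSrcElem',
        'style-src-attr'  => 'styleSrcAttr',
    ];
    private const KEYWORDS = ['self', 'none', 'unsafe-inline', 'unsafe-hashes'];
    private array $sources = [];

    public function add(string $property, string $source): self
    {
        if (! in_array($property, self::DIRECTIVES, true)) {
            throw new InvalidArgumentException("Unknown directive key: {$property}");
        }
        // Reject characters that could split the header or start another directive.
        if ($source === '' || preg_match('/[\s;,]/', $source) === 1) {
            throw new InvalidArgumentException('Invalid source expression');
        }
        // Keywords and nonces are single-quoted in the header (str_starts_with: PHP 8+).
        if (in_array($source, self::KEYWORDS, true) || str_starts_with($source, 'nonce-')) {
            $source = "'{$source}'";
        }
        $this->sources[$property][$source] = true; // keyed by source to de-duplicate
        return $this;
    }

    public function header(): string
    {
        $parts = [];
        foreach (self::DIRECTIVES as $name => $property) {
            if (isset($this->sources[$property])) {
                $parts[] = $name . ' ' . implode(' ', array_keys($this->sources[$property]));
            }
        }
        return implode('; ', $parts);
    }
}

$nonce = base64_encode(random_bytes(16)); // constructed per-response nonce
$csp = (new Csp3Policy())->add('defaultSrc', 'self')->add('styleSrc', 'self')
    ->add('styleSrc', "nonce-{$nonce}")->add('styleSrcAttr', 'unsafe-inline');
echo 'Content-Security-Policy: ', $csp->header(), PHP_EOL;
```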
Apparently, the CSP3 directives are not implemented in CI4.
It would be helpful if you could send a pull request to add the directive to the 4.5 branch. https://github.com/codeigniter4/CodeIgni...request.md
@Styopi Why don't you send a Pull Request?
(10-31-2023, 06:03 PM)kenjis Wrote: Apparently, the CSP3 directives are not implemented in CI4.

Hi Kenjis, thank you for the info. You are right, there is no CSP3 support in CI4. I must implement other CSP headers too, like: script-src-attr, script-src-elem, style-src-elem...
Sorry, but I have no experience with sending pull requests to CI, and actually I have a lot of work. If you have time, please help me and send this request to add CSP3 support.
Sorry for my bad English. Thank you.
(11-11-2023, 12:58 AM)Styopi Wrote: (10-31-2023, 06:03 PM)kenjis Wrote: Apparently, the CSP3 directives are not implemented in CI4.

I found this through Google because I noticed style-src-elem is missing. @kenjis, does this still need a PR or is someone working on it?