Welcome Guest, Not a member yet? Register   Sign In
Improve ContentSecurityPolicy (CSP)
#1

(This post was last modified: 01-17-2025, 12:29 AM by donpwinston.)

The way CodeIgniter sets CSP headers means they don't affect static resources like css and js and font files. I don't believe it is possible to add CSP for these resources in httpd.conf without overriding the CodeIgniters CSP settings.

Will setting CSP headers in a filter apply to static resources? Tomcat/Java is able to do this.

I'm guessing this is not possible or feasible with PHP. Therefore I believe the content security policy stuff in CodeIgniter should be removed because it is half assed.

httpd.conf is the proper place to set up CSP in a PHP app. It does not work in PHP code.
Simpler is always better
Reply




Theme © iAndrew 2016 - Forum software by © MyBB