Improve ContentSecurityPolicy (CSP)
The way CodeIgniter sets CSP headers means they don't affect static resources like CSS and JS and font files. I don't believe it is possible to add CSP for these resources in httpd.conf without overriding CodeIgniter's CSP settings.
Will setting CSP headers in a filter apply to static resources? Tomcat/Java is able to do this. I'm guessing this is not possible or feasible with PHP. Therefore I believe the content security policy stuff in CodeIgniter should be removed because it is half-assed. httpd.conf is the proper place to set up CSP in a PHP app. It does not work in PHP code.
Simpler is always better