heimrichhannot/contao-csp-bundle

A Content Security Policy (CSP) bundle to Contao 4.

Maintainers

Details

github.com/heimrichhannot/contao-csp-bundle

Source

Issues

Installs: 6

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 5

Forks: 0

Open Issues: 0

Type:contao-bundle

0.1.0 2024-09-16 12:38 UTC

Requires

GPL-3.0-or-later bff6b923a23bc89d60a225c678f6d2b651e92e6f

This package is auto-updated.

Last update: 2024-10-16 12:46:18 UTC

README

This bundle backports parts of the Content Security Policy (CSP) implementation of Contao 5.3 to Contao 4.13.

This bundle has no handling for inline scripts and styles. You need to add 'unsafe-inline' to your directives.

Page settings

Upgrade to contao 5

This bundle is just a backport. You can seamlessly upgrade to Contao 5.3 without touching your CSP configuration (you need to uninstall this bundle before upgrading). Afterwards you can also remove the 'unsafe-inline' directive from your CSP configuration as contao 5.3 has support for handling inline scripts and styles for csp.

Installation

Install the bundle via composer or contao manager and update the database afterwards.

composer require heimrichhannot/contao-csp-bundle

Configuration

Go to the root page settings. There you find an option to enable CSP. If you enable it, you can configure the CSP directives.

Read more

Offical documentation
Pull request