kenshodigital / kirby-csp
Adds a strict CSP header to Kirby projects.
Type: kirby-plugin
pkg:composer/kenshodigital/kirby-csp
Requires
- php: ^8.3 || ^8.4 || ^8.5
- getkirby/cms: ^4.8 || ^5.2
- getkirby/composer-installer: ^1.2
README
General
Uses Kirby’s native nonce feature (used for the panel) to add a strict nonce-based content security policy header to all Kirby responses.
Usage
Installation
composer require kenshodigital/kirby-csp ^1.1
Setup
The plugin is not configurable and just follows the latest best practices:
script-src 'nonce-[…]' 'strict-dynamic' 'unsafe-inline' https:; object-src 'none'; base-uri 'none';
Development
However, scripts in your frontend are expected to include a nonce, like this:
<script nonce="<?= $kirby->nonce() ?>"> … </script>
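One way to check rendered pages against this policy, as an added example that is not part of the plugin or its README: the Python script below parses the header, then flags every script tag whose nonce does not match it and every inline on* handler, because browsers that honor the nonce ignore 'unsafe-inline'. The sample header and HTML are constructed, and parse_csp, script_nonce and audit are this example's own names.

```python
from html.parser import HTMLParser

def parse_csp(header):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored; the first one wins
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def script_nonce(policy):
    """Return the nonce that script-src allows, or None if it has none."""
    for source in policy.get("script-src", []):
        if source.startswith("'nonce-") and source.endswith("'"):
            return source[len("'nonce-"):-1]
    return None

class _MarkupAudit(HTMLParser):
    def __init__(self, nonce):
        super().__init__()
        self.nonce, self.findings = nonce, []

    def handle_starttag(self, tag, attrs):
        line, attrs = self.getpos()[0], dict(attrs)
        # Scripts written into the markup need the nonce, external ones too.
        if tag == "script" and attrs.get("nonce") != self.nonce:
            self.findings.append((line, "script tag without the response nonce"))
        # A nonce cannot be attached to an attribute, so handlers are blocked.
        for name in attrs:
            if name.startswith("on"):
                self.findings.append((line, "inline handler " + name))

def audit(header, html):
    """Return (line, problem) pairs for markup the policy would block."""
    nonce = script_nonce(parse_csp(header))
    if nonce is None:
        return [(0, "script-src carries no nonce")]
    parser = _MarkupAudit(nonce)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample response: header in the plugin's shape, made-up nonce.
SAMPLE_HEADER = ("script-src 'nonce-c2FtcGxl' 'strict-dynamic' 'unsafe-inline' "
                 "https:; object-src 'none'; base-uri 'none';")
SAMPLE_HTML = """<html><head>
<script nonce="c2FtcGxl">console.log("ok")</script>
<script src="/assets/app.js"></script>
</head><body>
<button onclick="track()">Buy</button>
<script nonce="stale">console.log("mismatch")</script>
</body></html>"""

if __name__ == "__main__":
    for line, problem in audit(SAMPLE_HEADER, SAMPLE_HTML):
        print(f"line {line}: {problem}")
```

Scripts that an already trusted script loads at runtime are covered by 'strict-dynamic' and never appear in the markup, so this check only concerns tags the template itself emits.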