cloudgrayau / csp
Content Security Policy manager for Craft CMS
Type: craft-plugin
Requires
- php: ^8.0|^8.2
- cloudgrayau/utils: ^1.1
- craftcms/cms: ^4.0|^5.0
README
Content Security Policy manager for Craft CMS.
Requirements
This plugin requires Craft CMS 4.0.0 or later.
Installation
composer require cloudgrayau/csp
CSP Overview
CSP is a Content Security Policy and HTTP Header Response manager for Craft CMS.
SEOmatic Compatibility
This plugin is 100% compatible with any nonces generated by the Automatic Render Enabled setting inside SEOmatic Plugin Settings (General). To ensure compatibility, please set the Nonces for <script> tags to Response Headers inside the SEOmatic Plugin Settings (Tags).
Please note: any script-src CSP tags set within SEOmatic will also be applied. The Content-Security-Policy HTTP Response Header applied by SEOmatic is automatically overridden and/or removed.
Blitz Compatibility
To ensure the Content Security Policy remains compatible with Blitz Caching enabled, please ensure the CSP Mode is set to Meta Tags inside the CSP Settings (Settings).
Setup
The plugin can be configured via the Craft CMS Settings or by using the supplied config/csp.php file.
Additional nonces can be configured in your templates as follows:
{# HTML #}
<script src="url/of/script.js" nonce="{{ csp('script-src') }}"></script>
<link href="url/of/style.css" rel="stylesheet" nonce="{{ csp('style-src') }}" />
{# CSS Twig tags #}
{% do view.registerCssFile(url('scss/styles.scss'), { nonce: csp('style-src') }) %}
{% do view.registerCss('body { background: red; }', { nonce: csp('style-src') }) %}
{# JS Twig tags #}
{% do view.registerJsFile(url('js/site.js'), { nonce: csp('script-src') }) %}
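One way to check that the nonces rendered into a page agree with the policy delivered with it, whether that policy arrives as a response header or, in Meta Tags mode, as a meta tag. This is an added example and not part of the plugin; the function names and the sample HTML are constructed, and it only looks at nonce sources in script-src, style-src and default-src.

```python
import re
from html.parser import HTMLParser
NONCE = re.compile(r"'nonce-([A-Za-z0-9+/_=-]+)'")

def policy_nonces(policy):
    """Map each directive in a CSP string to the set of nonces it lists."""
    out = {}
    for directive in policy.split(";"):
        name, _, sources = directive.strip().partition(" ")
        if name:
            out.setdefault(name.lower(), set()).update(NONCE.findall(sources))
    return out

class Collector(HTMLParser):
    """Collects the CSP <meta> tag and every tag that script-src/style-src governs."""
    def __init__(self):
        super().__init__()
        self.meta_policy, self.tags = None, []
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.meta_policy = a.get("content", "")
        elif tag == "script":
            self.tags.append(("script-src", tag, a.get("nonce")))
        elif tag == "style" or (tag == "link" and "stylesheet" in a.get("rel", "").lower()):
            self.tags.append(("style-src", tag, a.get("nonce")))

def audit(html, header_policy=None):
    """Return (directive, tag, problem) for tags whose nonce the policy does not list.
    Simplified: ignores script-src-elem/style-src-elem and host or hash sources."""
    c = Collector()
    c.feed(html)
    policy = header_policy if header_policy is not None else c.meta_policy
    if policy is None:
        return [("-", "-", "no policy in header or meta tag")]
    nonces = policy_nonces(policy)
    findings = []
    for directive, tag, nonce in c.tags:
        # A directive that is absent falls back to default-src.
        allowed = nonces.get(directive, nonces.get("default-src", set()))
        if nonce not in allowed:
            problem = "no nonce attribute" if nonce is None else "nonce not listed in policy"
            findings.append((directive, tag, problem))
    return findings

# Constructed sample: a page rendered in Meta Tags mode with one stale nonce.
SAMPLE = """<meta http-equiv="Content-Security-Policy"
 content="script-src 'self' 'nonce-abc123'; style-src 'nonce-def456'">
<script src="/js/site.js" nonce="abc123"></script>
<link href="/css/style.css" rel="stylesheet" nonce="stale999" />"""
```

A tag reported with "no nonce attribute" may still load if a host or hash source in the policy covers it, so treat that finding as a prompt to review rather than a confirmed block.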
Overriding Config
The CSP configuration can be updated in real time from your templates with Twig. This can be useful, for example, to disable the CSP on XHR requests.
{% do craft.csp.config({'cspEnabled': false}) %}
Brought to you by Cloud Gray Pty Ltd