heimrichhannot / contao-csp-bundle
A Content Security Policy (CSP) bundle to Contao 4.
Installs: 7
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 5
Forks: 0
Open Issues: 1
Type:contao-bundle
Requires
- php: ^8.1
- contao/core-bundle: ^4.13
- nelmio/security-bundle: ^2.12 || ^3.0
- symfony/http-kernel: ^5.4
README
This bundle backports parts of the Content Security Policy (CSP) implementation of Contao 5.3 to Contao 4.13.
This bundle has no handling for inline scripts and styles. You need to add
'unsafe-inline'
to your directives.
Upgrade to contao 5
This bundle is just a backport. You can seamlessly upgrade to Contao 5.3 without touching your CSP configuration (you need to uninstall this bundle before upgrading).
Afterwards you can also remove the 'unsafe-inline'
directive from your CSP configuration as contao 5.3 has support for handling inline scripts and styles for csp.
Installation
Install the bundle via composer or contao manager and update the database afterwards.
composer require heimrichhannot/contao-csp-bundle
Configuration
Go to the root page settings. There you find an option to enable CSP. If you enable it, you can configure the CSP directives.