limesoda-com/ls-security-headers

Configures security headers like content security policy

Installs: 374

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 7

Forks: 0

Open Issues: 0

Type: typo3-cms-extension

v1.3.0 2023-04-25 08:56 UTC

This package is auto-updated.

Last update: 2024-03-25 10:51:32 UTC


README

TYPO3 11 TYPO3 12

TYPO3 Extension ls_security_headers

This extension offers configurable security headers for the frontend.

Setup

  1. Install the extension using Composer
  2. Create a "Security Headers" record on the root page and configure the desired headers
  3. Validate your configuration with securityheaders.com

Notes

  • Security headers that are defined in .htaccess or in other server configuration will not be overwritten.
  • If EXT:staticfilecache is used, you have to extend the validHtaccessHeaders extension setting.
  • Security headers for the TYPO3 backend can be defined in AdditionalConfiguration.php with the BE setting "HTTP".

Nonce support

This extension includes a TypoScript helper function for generating CSP nonces.
All the nonces generated by the function during the request will automatically be added to the Content-Security-Policy header at the end of the request.
Basic usage:

<style nonce="{f:cObject(typoscriptObjectPath: 'lib.cspNonce', data: {length: '32', policy: 'style'})}">

The policy argument defines the policy the nonce should be added to (style for style-src, script for script-src, ...).
The length argument defines the length of the nonce in bytes.
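
A consistency check for the nonce mechanism described above, as an added example that is not part of the extension or its README: it verifies that each nonce on a <style> or <script> tag is listed in the matching directive of the response's Content-Security-Policy header. The sample header, markup and nonce values are constructed, and all function names are hypothetical.

```python
from html.parser import HTMLParser

# Tag -> CSP directive that must list the tag's nonce (style -> style-src, ...).
DIRECTIVE_FOR_TAG = {"style": "style-src", "script": "script-src"}
# Constructed sample response (nonce values are made up for this example).
SAMPLE_CSP = "default-src 'self'; style-src 'self' 'nonce-c3R5bGUtbm9uY2U='; script-src 'self'"
SAMPLE_HTML = """<style nonce="c3R5bGUtbm9uY2U=">body{margin:0}</style>
<script nonce="c2NyaXB0LW5vbmNl">console.log(1)</script>"""


def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return policy


class NonceCollector(HTMLParser):
    """Records (tag, nonce) for each <style>/<script> that carries a nonce."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        nonce = dict(attrs).get("nonce")
        if tag in DIRECTIVE_FOR_TAG and nonce:
            self.found.append((tag, nonce))


def nonce_mismatches(csp_header, html):
    """Return the tags whose nonce the header does not allow (empty = consistent)."""
    policy = parse_csp(csp_header)
    collector = NonceCollector()
    collector.feed(html)
    problems = []
    for tag, nonce in collector.found:
        directive = DIRECTIVE_FOR_TAG[tag]
        # A missing style-src/script-src falls back to default-src.
        sources = policy.get(directive, policy.get("default-src", []))
        if f"'nonce-{nonce}'" not in sources:
            problems.append(f"<{tag}> nonce {nonce} not in {directive}")
    return problems


def csp_nonces(header):
    """All 'nonce-...' sources in a header; intersect two responses to spot reuse."""
    return {s for srcs in parse_csp(header).values() for s in srcs if s.startswith("'nonce-")}
```

A nonce has to be unique per response, so a non-empty intersection of csp_nonces() over the headers of two separate responses to the same URL means a nonce is being reused, for example by a page cache.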

Resources

LIMESODA Website Security