limesoda-com / ls-security-headers
Configures security headers like content security policy
Type: typo3-cms-extension
Requires
- php: >=7.4 <=8.2.99
- typo3/cms-core: ^11.5 || ^12
README
TYPO3 Extension ls_security_headers
This extension offers configurable security headers for the frontend.
Setup
- Install the extension with Composer
- Create a "Security Headers" record on the root page and configure the desired headers
- Validate your configuration with securityheaders.com
Notes
- Security headers that are already defined in .htaccess or in some other server configuration will not be overwritten.
- If EXT:staticfilecache is used, you have to extend the validHtaccessHeaders extension setting.
- Security Headers for the TYPO3 Backend can be defined in AdditionalConfiguration.php with the BE setting "HTTP".
Nonce support
This extension includes a TypoScript helper function for generating CSP nonces.
All the nonces generated by the function during the request will automatically be added to the Content-Security-Policy header at the end of the request.
Basic usage:
<style nonce="{f:cObject(typoscriptObjectPath: 'lib.cspNonce', data: {length: '32', policy: 'style'})}">
The policy argument defines the policy the nonce should be added to (style for style-src, script for script-src, ...).
The length argument defines the length of the nonce in bytes.
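A sketch of the collect-then-append behaviour described above, as an added example and not the extension's own code. NonceCollector, create() and apply() are hypothetical names, the 16-byte minimum is an assumption of this sketch, and the sample policy is constructed.

```php
<?php
declare(strict_types=1);
// Added illustration; NonceCollector and its methods are hypothetical names,
// not the extension's API.
final class NonceCollector
{
    /** @var array<string, string[]> nonces keyed by directive, e.g. "style-src" */
    private array $nonces = [];

    /** Create a nonce from $length random bytes and register it for "<policy>-src". */
    public function create(string $policy, int $length = 32): string
    {
        // CSP Level 3 recommends at least 128 bits of randomness per nonce.
        if (preg_match('/^[a-z]+$/', $policy) !== 1 || $length < 16) {
            throw new InvalidArgumentException('Bad policy name or nonce shorter than 16 bytes');
        }
        $nonce = base64_encode(random_bytes($length));
        $this->nonces[$policy . '-src'][] = $nonce;
        return $nonce;
    }

    /** Return $csp with every registered nonce appended to its directive. */
    public function apply(string $csp): string
    {
        $directives = [];
        foreach (array_filter(array_map('trim', explode(';', $csp))) as $part) {
            [$name, $sources] = array_pad(preg_split('/\s+/', $part, 2), 2, '');
            $directives[strtolower($name)] = $sources;
        }
        foreach ($this->nonces as $directive => $values) {
            // A missing directive falls back to default-src in the browser, so start
            // from those sources instead of silently dropping them.
            $sources = $directives[$directive] ?? $directives['default-src'] ?? '';
            // 'none' must stand alone, so it is removed once a nonce is added.
            $list = array_diff(preg_split('/\s+/', $sources, -1, PREG_SPLIT_NO_EMPTY), ["'none'"]);
            foreach ($values as $value) {
                $list[] = "'nonce-" . $value . "'";
            }
            $directives[$directive] = implode(' ', $list);
        }
        $render = fn($name, $sources) => rtrim($name . ' ' . $sources);
        return implode('; ', array_map($render, array_keys($directives), $directives));
    }
}

// Constructed sample policy: no style-src, so the nonce is merged with default-src.
$collector = new NonceCollector();
$nonce = $collector->create('style', 32);
echo '<style nonce="' . $nonce . '">', PHP_EOL;
echo 'Content-Security-Policy: ' . $collector->apply("default-src 'self'; script-src 'none'"), PHP_EOL;
```

Because the nonce value changes on every request, a response that carries one must not be served from a shared or static cache with the same header for multiple visitors.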