System - Content Security Policy
It's been said that a good Content Security Policy is the most important security measure you can take to protect your clients after switching to SSL. This plugin aims to make that implementation as easy as possible.
- Download System - Content Security Policy from the RicheyWeb download page.
- This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "System - Content Security Policy".
- In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
- Select the "Upload Package File" tab
- Press the "Choose File" button to browse your system and locate the plugin file you downloaded
- Press the "Upload & Install" button
At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Content Security Policy". Begin configuration with the AJAX plugin
AJAX plugin configuration is only required if you wish to receive reporting data from clients. If you're not interested in receiving this data - you can skip this step and move on to the System plugin configuration below.
The only required setting to use the report gathering features of this plugin is to authorize your referrer (your domain name) as a source of data. If you haven't canonicalized your name, you should put both the www and non-www versions into the configuration:
www.example.com and example.com
If you choose to implement the CLI CRON job, you will need to have at least one recipient.
The final option causes the CRON job to delete the matched items after it emails them.
Users who are able to create CRON jobs on their server can use this feature to send an email to selected recipients. The script is designed to send the reports from the previous day as a CSV file. There is no use running it more than once per day, as it only returns data from the previous day. You will need to create your CRON job to run in the Joomla "cli" directory - and simply run "php csp.php"
The configurations are extensive and complex. Each item label is a link to the documentation for that type of directive. Refer to the documentation if you are unsure about how CSP works.
Someone will need it - go to the forums or open a support ticket.