Does the CSP plugin also gives me the possibility to set specific rules for certain pages?
Problem is that the Joomla 2FA function uses a data URL image and usually you would block that with a CSP but for that specific page I would want to relax the rule.
For security purposes I'd rather not see this as an article option, but rather have a central place (e.g. in component or in the plugin) where I can set a general CSP rule and then define certain URL paths (regex) where I set a custom rule for each of the exempt URLs.
Now I have to do some weird nginx workarounds (becaue I set the header currently by the nginx webserver).
The problem with doing it in the plugin is page matching. Because an article might be displayed in a blog layout, or the article layout - regex wouldn't necessarily work. Those URLs could be radically different, and it wouldn't necessarily work to assign by itemId because you would need a menu item for each article with custom settings.
I can see the security implications of using a content plugin tag, but what about article options that are restricted to specific access levels? I could allow configuration of the access levels within the plugin, and then you could make changes to CSP while editing the specific articles where the changes need to be made....but only if your access level is allowed.
How does that sound? I'm trying to make this as accessible as possible, because not everyone can grasp regex and at the end of the day, I'm trying to make this available to the broadest audience possible.