SSL Labs Score


System - Content Security Policy

2 weeks 3 days ago #988 by michael
michael created the topic: System - Content Security Policy

Do you ever get tired of managing Content-Security-Policy headers? It's tedious, and worse - editing Apache/Nginx config files can be a pain because you have to restart the server to test your configs! It would be nice if Joomla had an easy method to manage CSP settings... Now it does!

The System - Content Security Policy plugin(s) bring this much needed security functionality to Joomla. The fun doesn't stop there - this set of plugins also implements the report-uri feature of the CSP. You can capture your own csp-report via the included AJAX plugin, and have it sent to you nightly using the included CLI script. If you want to browse the data - the AJAX plugin offers a handy report browser. Let's look at all of the features:

  1. Implements all classes of the Content Security Policy standard:
    • Fetch directives
    • Document directives
    • Navigation directives
    • Reporting directives
    • and the eclectic "Other" directives
  2. Injects your settings in a Content-Security-Policy HTTP header
  3. Adds a <meta> tag with your CSP settings
  4. Implements report-uri and report-to
  5. Provides a listener for report-uri and report-to incoming data
  6. Includes a CLI script to be used in a CRON job for nightly reporting to a selected administrator or administrators
  7. Includes a report browser, for immediate review of stored reports

Other headers can be set by this plugin as well:
  • X-Content-Type-Options
  • X-Frame-Options
  • X-XSS-Protection
  • Referrer-Policy
  • Expect-CT
  • Strict-Transport-Security

I really tried to give this plugin every feature I would want, and it's running on this site now!

With very little effort, and in very little time - you can pass the test with an easy "A".


I really love making demo videos for my extensions. Take a peek:

Documentation: Online
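
A listener for both `report-uri` and `report-to` (features 4 and 5 above) has to accept two different JSON report formats from unauthenticated clients. The following Python is an added example, not code from the plugin: it normalises both formats and counts violations for a nightly summary; the function names, the size cap and the sample bodies are assumptions constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit
MAX_BODY = 16 * 1024  # assumed cap: the endpoint takes unauthenticated POSTs
# Constructed sample bodies: legacy report-uri format, then Reporting API format.
LEGACY = b'{"csp-report": {"violated-directive": "script-src \'self\'", "blocked-uri": "https://CDN.example.net/lib.js?v=1"}}'
MODERN = b'[{"type": "csp-violation", "body": {"effectiveDirective": "script-src-elem", "blockedURL": "inline"}}, {"type": "deprecation", "body": {}}]'

def _text(value, limit=200):
    """Coerce an untrusted report field to a short printable string."""
    s = value if isinstance(value, str) else ""
    return "".join(c for c in s if c.isprintable())[:limit]

def _origin(uri):
    """Reduce a blocked URI to scheme://host; keep keywords such as 'inline'."""
    uri = _text(uri)
    try:
        parts = urlsplit(uri)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.hostname}"
    except ValueError:
        return "invalid"
    return uri or "unknown"

def parse_reports(content_type, raw):
    """Return (directive, blocked_origin) pairs from one POST body."""
    if len(raw) > MAX_BODY:
        return []
    try:
        data = json.loads(raw)
    except (ValueError, RecursionError):
        return []
    ctype = content_type.split(";")[0].strip().lower()
    found = []
    if ctype == "application/csp-report" and isinstance(data, dict):
        r = data.get("csp-report")
        if isinstance(r, dict):
            found.append((r.get("effective-directive") or r.get("violated-directive"), r.get("blocked-uri")))
    elif ctype == "application/reports+json" and isinstance(data, list):
        for item in data:
            body = item.get("body") if isinstance(item, dict) else None
            if isinstance(body, dict) and item.get("type") == "csp-violation":
                found.append((body.get("effectiveDirective"), body.get("blockedURL")))
    # Older browsers send the whole directive ("script-src 'self'"); keep the name.
    return [((_text(d).split() or ["unknown"])[0], _origin(u)) for d, u in found]

def digest(rows):
    """Count violations per (directive, blocked origin) for a nightly summary."""
    return Counter(rows).most_common()
```

Reducing the blocked URI to its origin keeps query strings out of stored reports and e-mailed digests, and groups repeated violations from the same host into one line.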
