SSL Labs ScoreSecurityHeaders.io Score

Log in to participate

There is no cost to join RicheyWeb, and membership is a requirement to submit bug reports and participate in the support forums.

× Extension Discussions

System - Content Security Policy

More
2 years 5 months ago #989 by michael
michael created the topic: System - Content Security Policy
System - Content Security Policy {arslatest release System - Content...

System - Content Security Policy

Overview

It's been said that a good Content Security Policy is the most important security measure you can take to protect your clients after switching to SSL. This plugin aims to make that implementation as easy as possible.

Installation

  1. Download System - Content Security Policy from the RicheyWeb download page.
    • This page will remain unlinked, as the link may change in the future. Visit http://www.richeyweb.com and use the search feature - search for "System - Content Security Policy".
  2. In Joomla /administrator, go to the "Extensions" menu, the "Manage" sub-menu, and the "Install" sub-menu.
  3. Select the "Upload Package File" tab
  4. Press the "Choose File" button to browse your system and locate the plugin file you downloaded
  5. Press the "Upload & Install" button

At this point, the extension is installed but not enabled. You can find the plugin by going to the Extensions menu and selecting "Plugins". When in the plugin manager, search for "Content Security Policy". Begin configuration with the AJAX plugin

Configuration

AJAX Plugin

AJAX plugin configuration is only required if you wish to receive reporting data from clients. If you're not interested in receiving this data - you can skip this step and move on to the System plugin configuration below.

The only required setting to use the report gathering features of this plugin is to authorize your referrer (your domain name) as a source of data. If you haven't canonicalized your name, you should put both the www and non-www versions into the configuration:

www.example.com and example.com

If you choose to implement the CLI CRON job, you will need to have at least one recipient.

The final option causes the CRON job to delete the matched items after it emails them.

CRON Job

Users who are able to create CRON jobs on their server can use this feature to send an email to selected recipients. The script is designed to send the reports from the previous day as a CSV file. There is no use running it more than once per day, as it only returns data from the previous day. You will need to create your CRON job to run in the Joomla "cli" directory - and simply run "php csp.php"

System Plugin

The configurations are extensive and complex. Each item label is a link to the documentation for that type of directive. Refer to the documentation if you are unsure about how CSP works.

HELP

Someone will need it - go to the forums or open a support ticket.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Kunena Forum