SSL Labs ScoreSecurityHeaders.io Score

Log in to participate

There is no cost to join RicheyWeb, and membership is a requirement to submit bug reports and participate in the support forums.

× Extension Discussions

System - Content Security Policy: Addendum

More
5 months 1 day ago #1098 by michael
michael created the topic: System - Content Security Policy: Addendum
It's time for some additional documentation covering some confusing configuration aspects...

It's time for some additional documentation covering some confusing configuration aspects now that the CSP plugin has been out for a while and a few users have had an opportunity to put it to the test.

An Extra Protocol Type

I'm calling these types Protocol Types, because the documentation doesn't give them a specific name. Two of them are used and described in the CSP specification and will look familiar: http: and https: specifically. There is, however, another type.

You will occasionally see a Blocked URI that is not a URI at all. It is simply labeled "data". This data type refers to content that is held within the attributes of an element such as an image which contains base64 encoded data instead of an image URL.

To handle/allow these data types, just enter them as if they were a protocol. "data:" (without the quotes)

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Kunena Forum