SSL Labs ScoreSecurityHeaders.io ScoreHSTS Preloaded

Log in to participate

There is no cost to join RicheyWeb, and membership is a requirement to submit bug reports and participate in the support forums.

× Extension Discussions

System - Content Security Policy: Addendum

More
1 year 11 months ago #1098 by michael
It's time for some additional documentation covering some confusing configuration aspects...

It's time for some additional documentation covering some confusing configuration aspects now that the CSP plugin has been out for a while and a few users have had an opportunity to put it to the test.

An Extra Protocol Type

I'm calling these types Protocol Types, because the documentation doesn't give them a specific name. Two of them are used and described in the CSP specification and will look familiar: http: and https: specifically. There is, however, another type.

You will occasionally see a Blocked URI that is not a URI at all. It is simply labeled "data". This data type refers to content that is held within the attributes of an element such as an image which contains base64 encoded data instead of an image URL.

To handle/allow these data types, just enter them as if they were a protocol. "data:" (without the quotes)

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Powered by Kunena Forum