heimrichhannot/contao-csp-bundle
A Content Security Policy (CSP) bundle to Contao 4.
Maintainers
Package info
github.com/heimrichhannot/contao-csp-bundle
Type:contao-bundle
pkg:composer/heimrichhannot/contao-csp-bundle
Requires
- php: ^8.1
- contao/core-bundle: ^4.13
- heimrichhannot/contao-utils-bundle: ^2.232 || ^3.0
- nelmio/security-bundle: ^2.12 || ^3.0
- symfony/http-kernel: ^5.4
Requires (Dev)
None
Suggests
None
Provides
None
Conflicts
None
Replaces
None
GPL-3.0-or-later 1c02e68fdd527196bfd98701d6fb66a8ad8eb5ea
README
This bundle backports parts of the Content Security Policy (CSP) implementation of Contao 5.3 to Contao 4.13.
This bundle has no handling for inline scripts and styles. You need to add
'unsafe-inline'to your directives.
Upgrade to contao 5
This bundle is just a backport. You can seamlessly upgrade to Contao 5.3 without touching your CSP configuration (you need to uninstall this bundle before upgrading).
Afterwards you can also remove the 'unsafe-inline' directive from your CSP configuration as contao 5.3 has support for handling inline scripts and styles for csp.
Installation
Install the bundle via composer or contao manager and update the database afterwards.
composer require heimrichhannot/contao-csp-bundle
Configuration
Go to the root page settings. There you find an option to enable CSP. If you enable it, you can configure the CSP directives.