Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Elxis documentation
for users and developers.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
Content Security Policy CSP
« previous
next »
Print
Pages: [
1
]
Author
Topic: Content Security Policy CSP (Read 7208 times)
perseas
Jr. Member
Posts: 97
Content Security Policy CSP
«
on:
September 27, 2017, 23:30:06 »
Hello there,
I decided to use the CSP below on my elxis site (Version 4.5) with SSL certificate
default-src 'none'; script-src 'self'
www.google-analytics.com
ajax.googleapis.com; connect-src 'self'; img-src 'self'; style-src 'self'; https: data;
Can i write this direckly in the text field of Content Security Policy CSP (Control panel > Settings > Security > Content Security Policy CSP)
or i must write something else?
Can you advise me ?
Best regards
Logged
datahell
Elxis Team
Hero Member
Posts: 10358
Re: Content Security Policy CSP
«
Reply #1 on:
September 30, 2017, 19:37:25 »
Yes. What ever you write there it will be applied by Elxis to the "
Content-Security-Policy
" http header. You can
read more about CSP here
.
Please note that by using CSP you might have issues with external loaded javascript, css and image files. Make sure the js/css/image files your site is using are inside the
script-src/style-src/img-src
properties. Elxis does not uses external sources and so you have nothing to fear from Elxis. If any problem arise it will be by your own http code. Using CSP is recommended, go ahead!
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
perseas
Jr. Member
Posts: 97
Re: Content Security Policy CSP
«
Reply #2 on:
September 30, 2017, 19:42:45 »
Many Thanks for your information, Datahell !
Logged
datahell
Elxis Team
Hero Member
Posts: 10358
Re: Content Security Policy CSP
«
Reply #3 on:
September 30, 2017, 19:57:02 »
Something I forgot to tell you is that you will face problems in pages with inline css/js... So be careful.
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
perseas
Jr. Member
Posts: 97
Re: Content Security Policy CSP
«
Reply #4 on:
September 30, 2017, 19:59:57 »
I will try on a test site first. I know that is very risky to use it.
Logged
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
Content Security Policy CSP