Diffstat (limited to 'doc/hook/content_security_policy.bb')
-rw-r--r--doc/hook/content_security_policy.bb39
1 files changed, 0 insertions, 39 deletions
diff --git a/doc/hook/content_security_policy.bb b/doc/hook/content_security_policy.bb
deleted file mode 100644
index 96b8095ae..000000000
--- a/doc/hook/content_security_policy.bb
+++ /dev/null
@@ -1,39 +0,0 @@
-[h2]content_security_policy[/h2]
-
-Called to modify CSP settings prior to the output of the Content-Security-Policy header.
-
-This hook permits addons to modify the content-security-policy if necessary to allow loading of foreign js libraries or css styles.
-
-[code]
-if(App::$config['system']['content_security_policy']) {
- $cspsettings = Array (
- 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
- 'style-src' => Array ("'self'","'unsafe-inline'")
- );
- call_hooks('content_security_policy',$cspsettings);
-
- // Legitimate CSP directives (cxref: https://content-security-policy.com/)
- $validcspdirectives=Array(
- "default-src", "script-src", "style-src",
- "img-src", "connect-src", "font-src",
- "object-src", "media-src", 'frame-src',
- 'sandbox', 'report-uri', 'child-src',
- 'form-action', 'frame-ancestors', 'plugin-types'
- );
- $cspheader = "Content-Security-Policy:";
- foreach ($cspsettings as $cspdirective => $csp) {
- if (!in_array($cspdirective,$validcspdirectives)) {
- logger("INVALID CSP DIRECTIVE: ".$cspdirective,LOGGER_DEBUG);
- continue;
- }
- $cspsettingsarray=array_unique($cspsettings[$cspdirective]);
- $cspsetpolicy = implode(' ',$cspsettingsarray);
- if ($cspsetpolicy) {
- $cspheader .= " ".$cspdirective." ".$cspsetpolicy.";";
- }
- }
- header($cspheader);
-}
-[/code]
-
-see: boot.php