bestpractical/rt-extension-csp
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
NAME
RT-Extension-CSP - View Content Security Policy Reports
DESCRIPTION
This extension helps test with and view Content Security Policy Reports
for various CSP settings.
RT VERSION
Works with RT 5.0.6
INSTALLATION
perl Makefile.PL
make
make install
May need root permissions
Edit your /opt/rt4/etc/RT_SiteConfig.pm
Add this line:
Plugin('RT::Extension::CSP');
Clear your mason cache
rm -rf /opt/rt5/var/mason_data/obj
Restart your webserver
CONFIGURATION
Use the following to set the CSP you want to test with.
$CSPReportURI
By default, this is set to /NoAuth/CSP-Report.html, which is provided
with this extension. This endpoint will accept the POSTed CSP reports
sent by the browser and print them to your log at the debug level.
You can set a different value if you have a custom alternate endpoint to
send these reports to.
Set($CSPReportURI, '/my/custom/csp-report');
Note that this may not work in all browsers. Reports have been confirmed
with Firefox on Mac.
If you don't see CSP information in your RT logs, you can still set the
headers below and use the browser console to see CSP notices.
$CSPDirective
The directive for the Content-Security-Policy header.
By default, this is not set.
Setting a value may cause RT to stop working as expected. This is
provided as a tool to help with testing.
Set($CSPDirective, "default-src 'none';");
See Content Security Policy
<https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Secur
ity-Policy> for values.
<$CSPReportDirective>
The directive for the Content-Security-Policy-Report-Only header.
This will cause the browser to report CSP issues, but still render the
page as normal.
By default, it uses the most restrictive default-src 'none';.
Provide only the CSP rules, including semicolons. Do not provide the
report-to part. That is added automatically based on the $CSPReportURI.
Set($CSPReportDirective, "default-src 'none';");
AUTHOR
Best Practical Solutions, LLC <modules@bestpractical.com>
All bugs should be reported via email to
bug-RT-Extension-CSP@rt.cpan.org
or via the web at
http://rt.cpan.org/Public/Dist/Display.html?Name=RT-Extension-CSP
LICENSE AND COPYRIGHT
This software is Copyright (c) 2024 by Best Practical Solutions, LLC
This is free software, licensed under:
The GNU General Public License, Version 2, June 1991
About
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published