Add basic CSP functionality #74

empijei · 2020-08-14T09:01:38Z

The plugin should implement the following features:

Enforcement or Report-Only
Enable strict-dynamic (defaults to disabled)
Enable unsafe-eval (defaults to disabled)
Set a reporting endpoint or group (defaults to nothing for the time being, it will be a handler that the plugin installs later)
Set base-src (defaults to none)
Add a set of hashes (defaults to empty)

Set a Content-Security-Policy header
The policy should be a strict CSP and nonces should be generated in the Before phase. The plugin will be responsible of putting the nonce in the request context for later retrieval.

The text was updated successfully, but these errors were encountered:

mattiasgrenfeldt · 2020-08-14T14:09:05Z

I'll start working on this

empijei changed the title ~~feature request: plugins: add CSP~~ feature request: plugins: add basic CSP functionality Aug 14, 2020

empijei mentioned this issue Aug 14, 2020

Add template nonce injection #76

Closed

kele added enhancement New feature or request plugin labels Aug 14, 2020

kele changed the title ~~feature request: plugins: add basic CSP functionality~~ Add basic CSP functionality Aug 14, 2020

mattiasgrenfeldt self-assigned this Aug 14, 2020

This was referenced Aug 17, 2020

Added first version of CSP plugin. #93

Merged

Add Trusted Types policy to CSP plugin #99

Closed

empijei closed this as completed in #93 Aug 28, 2020

kele added the v0.1 label Aug 31, 2020

Provide feedback