Content-Security-Policy

Content-Security-Policy was created by imp

Posted 1 year 1 month ago #67290
Hello,
Is there any way to bypass the CSP violation when using CK cookies?
If I set:
Code:
Header set Content-Security-Policy: "default-src 'self' 'unsafe-hashes' example.com 'some-hashes';"
everything works except CK cookies
Code:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-hashes'...
- It's not possible to bypass it by adding its hashes, because the hash is different for every single user (probably because of "UNIQUE_KEY")
by imp

Replied by ced1870 on topic Content-Security-Policy

Posted 1 year 1 month ago #67291
Hi
Why do you need this type of security? I have never seen that before.
If you find what needs to be updated in the Cookies CK extension, I can have a look at it, but for now I don't have the time to take a look before 2-3 weeks ...
CEd

Joomlack Webmaster and Developer

by ced1870

Replied by imp on topic Content-Security-Policy

Posted 1 year 1 month ago #67295
Thank you for the answer. To meet W3C standards.
www.w3.org/TR/CSP/
by imp

Replied by ced1870 on topic Content-Security-Policy

Posted 1 year 1 month ago #67298
Setting a level3 is not a standard, this is your own choice :)

Joomlack Webmaster and Developer

by ced1870

Replied by ced1870 on topic Content-Security-Policy

Posted 1 year 1 month ago #67299
Just to be clear, for now I have not yet worked on this level3 requisition, and my extensions are not following this.
I have no idea what shall be done for that, but if you have some info I can check that in the near future.

Joomlack Webmaster and Developer

by ced1870

Replied by imp on topic Content-Security-Policy

Posted 1 year 1 month ago #67303
The problem is that CSP cannot be turned on at all because of this one script. CSP maybe is not crucial, but it's good practice. I don't know how to help - I'm not a programmer, just a simple man with my own website :-)
by imp
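
Added example, not part of the thread and not Cookies CK or Joomla code: it shows why a static hash list cannot cover an inline script that embeds a per-visitor value, and how a per-response nonce allows that script under CSP instead. The script body, the `COOKIES_KEY` variable and the key values are constructed stand-ins.

```php
<?php
// Added illustration only; script text and keys below are constructed samples.

// A CSP hash source is the base64 of the SHA-256 of the exact inline script text.
function csp_hash_source(string $scriptBody): string
{
    return "'sha256-" . base64_encode(hash('sha256', $scriptBody, true)) . "'";
}

// Hypothetical inline script that embeds a per-visitor value.
// JSON_HEX_TAG keeps a "</script>" sequence in the value from closing the tag.
function inline_script(string $uniqueKey): string
{
    return 'var COOKIES_KEY = ' . json_encode($uniqueKey, JSON_HEX_TAG | JSON_HEX_AMP) . ';';
}

// Different visitors -> different script text -> different hash, so a fixed
// list of hashes in the server config cannot match every visitor's page.
$hashA = csp_hash_source(inline_script('visitor-a-key'));
$hashB = csp_hash_source(inline_script('visitor-b-key'));

// Nonce approach: one fresh random value per response, sent in the header
// and repeated on the script tag. The script body may then vary freely.
$nonce = base64_encode(random_bytes(16));
$policy = "default-src 'self'; script-src 'self' 'nonce-" . $nonce . "'";

// Headers must go out before any body output.
if (!headers_sent()) {
    header('Content-Security-Policy: ' . $policy);
}

echo "hash for visitor A: $hashA\n";
echo "hash for visitor B: $hashB\n";
echo 'hashes match: ' . ($hashA === $hashB ? 'yes' : 'no') . "\n";
echo "policy: $policy\n";
printf(
    "<script nonce=\"%s\">%s</script>\n",
    htmlspecialchars($nonce, ENT_QUOTES),
    inline_script('visitor-a-key')
);
```

A nonce has to be new for every response, so the header must be sent by the application rather than by a static Apache `Header set` line, and cached pages must not reuse it.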
