Content-Security-Policy

More
1 year 10 months ago #67290 by imp
Content-Security-Policy was created by imp
Hello,
is there anyway to bypass CSP violation when using CK cookies?
If I set:
Code:
Header set Content-Security-Policy: "default-src 'self' 'unsafe-hashes' example.com 'some-hashes';"
everything works except CK cookies
Code:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-hashes'...
- its not possible to bypass it by adding its hashes, because hash is different for every single user (probably because of "UNIQUE_KEY")

Please Log in or Create an account to join the conversation.

More
1 year 10 months ago #67291 by ced1870
Replied by ced1870 on topic Content-Security-Policy
Hi
why do you need this type of security ? I have never seen that before
if you find what needs to be update in the Cookies CK extension, I can have a look at it, but for now I don't have the time to take a look before 2-3 weeks ...
CEd

Joomlack Webmaster and Developer

Please Log in or Create an account to join the conversation.

More
1 year 10 months ago #67295 by imp
Replied by imp on topic Content-Security-Policy
Thank you for answer. To meet w3c standards.
www.w3.org/TR/CSP/

Please Log in or Create an account to join the conversation.

More
1 year 10 months ago #67298 by ced1870
Replied by ced1870 on topic Content-Security-Policy
setting a level3 is not a standard, this is you own choice :)

Joomlack Webmaster and Developer

Please Log in or Create an account to join the conversation.

More
1 year 10 months ago #67299 by ced1870
Replied by ced1870 on topic Content-Security-Policy
just to be clear, for now I have not yet worked on this level3 requisition, and my extensions are not following this
I have no idea what shall be done for that, but if you have some infos I can check that in a near future

Joomlack Webmaster and Developer

Please Log in or Create an account to join the conversation.

More
1 year 10 months ago #67303 by imp
Replied by imp on topic Content-Security-Policy
The problem is, that CSP cannot be turned on at all because of this one script. CSP maybe is not crucial, but its good practice. I don't know how to help - i'm not programmer, just simple man with own website :-)

Please Log in or Create an account to join the conversation.

Time to create page: 0.294 seconds

Fast and powerful creation, customizable and responsive.

Read More

We have 1229 guests and one member online