Content-Security-Policy
1 year 10 months ago #67290
by imp
Content-Security-Policy was created by imp
Hello,
is there anyway to bypass CSP violation when using CK cookies?
If I set:
everything works except CK cookies
- its not possible to bypass it by adding its hashes, because hash is different for every single user (probably because of "UNIQUE_KEY")
is there anyway to bypass CSP violation when using CK cookies?
If I set:
Code:
Header set Content-Security-Policy: "default-src 'self' 'unsafe-hashes' example.com 'some-hashes';"
Code:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-hashes'...
Please Log in or Create an account to join the conversation.
1 year 10 months ago #67291
by ced1870
Joomlack Webmaster and Developer
Replied by ced1870 on topic Content-Security-Policy
Hi
why do you need this type of security ? I have never seen that before
if you find what needs to be update in the Cookies CK extension, I can have a look at it, but for now I don't have the time to take a look before 2-3 weeks ...
CEd
why do you need this type of security ? I have never seen that before
if you find what needs to be update in the Cookies CK extension, I can have a look at it, but for now I don't have the time to take a look before 2-3 weeks ...
CEd
Joomlack Webmaster and Developer
Please Log in or Create an account to join the conversation.
1 year 10 months ago #67295
by imp
Replied by imp on topic Content-Security-Policy
Thank you for answer. To meet w3c standards.
www.w3.org/TR/CSP/
www.w3.org/TR/CSP/
Please Log in or Create an account to join the conversation.
1 year 10 months ago #67298
by ced1870
Joomlack Webmaster and Developer
Replied by ced1870 on topic Content-Security-Policy
setting a level3 is not a standard, this is you own choice
Joomlack Webmaster and Developer
Please Log in or Create an account to join the conversation.
1 year 10 months ago #67299
by ced1870
Joomlack Webmaster and Developer
Replied by ced1870 on topic Content-Security-Policy
just to be clear, for now I have not yet worked on this level3 requisition, and my extensions are not following this
I have no idea what shall be done for that, but if you have some infos I can check that in a near future
I have no idea what shall be done for that, but if you have some infos I can check that in a near future
Joomlack Webmaster and Developer
Please Log in or Create an account to join the conversation.
1 year 10 months ago #67303
by imp
Replied by imp on topic Content-Security-Policy
The problem is, that CSP cannot be turned on at all because of this one script. CSP maybe is not crucial, but its good practice. I don't know how to help - i'm not programmer, just simple man with own website
Please Log in or Create an account to join the conversation.
Time to create page: 0.294 seconds