Content-Security-Policy
Hello,
is there anyway to bypass CSP violation when using CK cookies?
If I set:
everything works except CK cookies
- its not possible to bypass it by adding its hashes, because hash is different for every single user (probably because of "UNIQUE_KEY")
is there anyway to bypass CSP violation when using CK cookies?
If I set:
Code:
Header set Content-Security-Policy: "default-src 'self' 'unsafe-hashes' example.com 'some-hashes';"
Code:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-hashes'...
by imp
Please Log in or Create an account to join the conversation.
Hi
why do you need this type of security ? I have never seen that before
if you find what needs to be update in the Cookies CK extension, I can have a look at it, but for now I don't have the time to take a look before 2-3 weeks ...
CEd
why do you need this type of security ? I have never seen that before
if you find what needs to be update in the Cookies CK extension, I can have a look at it, but for now I don't have the time to take a look before 2-3 weeks ...
CEd
Joomlack Webmaster and Developer
by ced1870
Please Log in or Create an account to join the conversation.
Thank you for answer. To meet w3c standards.
www.w3.org/TR/CSP/
www.w3.org/TR/CSP/
by imp
Please Log in or Create an account to join the conversation.
setting a level3 is not a standard, this is you own choice
Joomlack Webmaster and Developer
by ced1870
Please Log in or Create an account to join the conversation.
just to be clear, for now I have not yet worked on this level3 requisition, and my extensions are not following this
I have no idea what shall be done for that, but if you have some infos I can check that in a near future
I have no idea what shall be done for that, but if you have some infos I can check that in a near future
Joomlack Webmaster and Developer
by ced1870
Please Log in or Create an account to join the conversation.
The problem is, that CSP cannot be turned on at all because of this one script. CSP maybe is not crucial, but its good practice. I don't know how to help - i'm not programmer, just simple man with own website
by imp
Please Log in or Create an account to join the conversation.
Time to create page: 1.091 seconds