Comments (9)
@S1SYPHOS i will add this to plugin as well as a check for the api url.
from kirby3-security-headers.
try `bnomei.securityheaders.enabled` option with a callback and return same check like here?
from kirby3-security-headers.
another idea would be to use the same isPanel check in `loader` option and load a different json with unsafe eval AND return callback with null at the `seed` option to disable the nonce output then
CSP with nonce will not allow unsafe. that's just how it is.
from kirby3-security-headers.
Thanks for your ideas, they have already proven helpful!
I went with option No. 1:
```php
'bnomei.securityheaders.loader' => function () {
    # Panel check, borrowed from @bnomei's `security-headers`
    # See https://github.com/steirico/kirby-plugin-custom-add-fields/issues/37
    $isPanel = strpos(
        kirby()->request()->url()->toString(),
        kirby()->urls()->panel
    ) !== false;

    if ($isPanel) {
        return kirby()->root('config') . '/settings/csp-backend.json';
    }

    return kirby()->root('config') . '/settings/csp-frontend.json';
}
```
.. hacky solution until v3.5 fixes this ;)
from kirby3-security-headers.
not 100% but i think you need to do [loader + seed] or [enabled].
from kirby3-security-headers.
Well, worked well as far as I could tell, but sure ..
```php
'bnomei.securityheaders.enabled' => function () {
    # Panel check, borrowed from @bnomei's `security-headers`
    # See https://github.com/steirico/kirby-plugin-custom-add-fields/issues/37
    $isPanel = strpos(
        kirby()->request()->url()->toString(),
        kirby()->urls()->panel
    ) !== false;

    return !$isPanel;
},
```
from kirby3-security-headers.
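The panel check in both config callbacks above is a substring match, so it is also true for any frontend URL that merely contains the panel URL, and the `enabled` callback would then switch the headers off for that page. A stricter host-and-path comparison is sketched below as an added example; it is not code from the thread or from the plugin. The function names and all URLs are hypothetical; in Kirby the two arguments would be `kirby()->request()->url()->toString()` and `kirby()->urls()->panel`, as in the snippets above.

```php
<?php
// Added example. Function names are hypothetical; URLs are constructed samples.

// The check as posted in the thread: substring match anywhere in the URL.
function isPanelSubstring(string $requestUrl, string $panelUrl): bool
{
    return strpos($requestUrl, $panelUrl) !== false;
}

// Stricter variant: same host, and the request path is the panel path
// itself or lies below it. The query string and fragment are ignored.
function isPanelPathPrefix(string $requestUrl, string $panelUrl): bool
{
    $req   = parse_url($requestUrl);
    $panel = parse_url($panelUrl);
    if ($req === false || $panel === false) {
        return false; // unparsable URL: treat as frontend, keep the strict CSP
    }
    if (strcasecmp($req['host'] ?? '', $panel['host'] ?? '') !== 0) {
        return false;
    }
    $reqPath   = '/' . trim($req['path'] ?? '', '/');
    $panelPath = '/' . trim($panel['path'] ?? '', '/');

    // Matches "/panel" and "/panel/...", but not "/panel-news".
    return $reqPath === $panelPath
        || strpos($reqPath, $panelPath . '/') === 0;
}

$panelUrl = 'https://example.com/panel';
$samples  = [
    'https://example.com/panel',                              // panel
    'https://example.com/panel/pages/home',                   // panel
    'https://example.com/blog',                               // frontend
    'https://example.com/panel-news',                         // frontend, shared prefix
    'https://example.com/blog?ref=https://example.com/panel', // frontend, panel URL in query
];

foreach ($samples as $url) {
    printf(
        "%-56s substring=%-5s path-prefix=%s\n",
        $url,
        var_export(isPanelSubstring($url, $panelUrl), true),
        var_export(isPanelPathPrefix($url, $panelUrl), true)
    );
}
```

The two checks agree on the first three URLs and differ on the last two, which are frontend pages that should keep the frontend policy.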
https://github.com/bnomei/kirby3-security-headers/releases/tag/v2.4.0
from kirby3-security-headers.
@S1SYPHOS once updated to 2.4.0 you will have to remove your custom config value for `bnomei.securityheaders.enabled` or the api will still be using the headers
from kirby3-security-headers.
Roger that
from kirby3-security-headers.