Code Monkey home page Code Monkey logo

Comments (9)

bnomei avatar bnomei commented on June 1, 2024 1

@S1SYPHOS i will add this to plugin as well as a check for the api url.

from kirby3-security-headers.

bnomei avatar bnomei commented on June 1, 2024

try bnomei.securityheaders.enabled option with a callback and return same check like here?

kirby3-security-headers/classes/SecurityHeaders.php

Line 34 in 68ce54c

$isPanel = strpos(

from kirby3-security-headers.

bnomei avatar bnomei commented on June 1, 2024

another idea would be to use the same isPanel check in

  1. loader option and load a different json with unsave eval AND
  2. return callback with null at the seed option to disable the nonce output then

CSP with nonce will not allow unsafe. thats just how it is.

from kirby3-security-headers.

S1SYPHOS avatar S1SYPHOS commented on June 1, 2024

Thanks for your ideas, they have already proven helpful!

I went with option No. 1:

'bnomei.securityheaders.loader' => function () {
    # Panel check, borrowed from @bnomei's `security-headers`
    # See https://github.com/steirico/kirby-plugin-custom-add-fields/issues/37
    $isPanel = strpos(
        kirby()->request()->url()->toString(),
        kirby()->urls()->panel
    ) !== false;

    if ($isPanel) {
        return kirby()->root('config') . '/settings/csp-backend.json';
    }

    return kirby()->root('config') . '/settings/csp-frontend.json';
}

.. hacky solution until v3.5 fixes this ;)

from kirby3-security-headers.

bnomei avatar bnomei commented on June 1, 2024

not 100% but i think you need to do [loader + seed] or [enabled].

from kirby3-security-headers.

S1SYPHOS avatar S1SYPHOS commented on June 1, 2024

Well, worked well as far as I could tell, but sure ..

'bnomei.securityheaders.enabled' => function () {
    # Panel check, borrowed from @bnomei's `security-headers`
    # See https://github.com/steirico/kirby-plugin-custom-add-fields/issues/37
    $isPanel = strpos(
        kirby()->request()->url()->toString(),
        kirby()->urls()->panel
    ) !== false;

    return !$isPanel;
},

from kirby3-security-headers.

bnomei avatar bnomei commented on June 1, 2024

https://github.com/bnomei/kirby3-security-headers/releases/tag/v2.4.0

from kirby3-security-headers.

bnomei avatar bnomei commented on June 1, 2024

@S1SYPHOS once updated to 2.4.0 you will have to remove your custom config value for bnomei.securityheaders.enabled or the api will still be using the headers

from kirby3-security-headers.

S1SYPHOS avatar S1SYPHOS commented on June 1, 2024

Roger that

from kirby3-security-headers.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.