This TYPO3 extension offers configurable security headers for the frontend

LimeSoda/ls_security_headers

TYPO3 11 TYPO3 12

TYPO3 Extension ls_security_headers

This extension offers configurable security headers for the frontend.

Setup

  1. Install the extension by using composer
  2. Create a "Security Headers" record on the root page and configure the desired headers
  3. Validate your configuration with securityheaders.com

Info

  • Security Headers that are defined in the .htaccess or in some other server configuration will not be overwritten.
  • If EXT:staticfilecache is used, you have to extend the validHtaccessHeaders extension setting.
  • Security Headers for the TYPO3 Backend can be defined in AdditionalConfiguration.php with the BE setting "HTTP".

Nonce support

This extension includes a TypoScript helper function for generating CSP nonces.
All the nonces generated by the function during the request will automatically be added to the Content-Security-Policy header at the end of the request.
Basic usage:

<style nonce="{f:cObject(typoscriptObjectPath: 'lib.cspNonce', data: {length: '32', policy: 'style'})}">

The policy argument defines the policy the nonce should be added to (style for style-src, script for script-src, ...).
The length argument defines the length of the nonce in bytes.
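
A check that complements step 3 of the setup and the nonce behaviour described above, added here as an example and not taken from the extension's code: it verifies that every nonce on a `<script>` or `<style>` tag is listed in the CSP directive that governs that tag, and reports nonces shared by two responses. The function names and the sample header and HTML are constructed for illustration.

```python
from html.parser import HTMLParser

# CSP Level 3 fallback: the first directive present in the policy governs the element.
FALLBACK = {
    "script": ("script-src-elem", "script-src", "default-src"),
    "style": ("style-src-elem", "style-src", "default-src"),
}

def parse_csp(header):
    """Map each directive name to its set of source expressions."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # later duplicates are ignored
            policy[tokens[0].lower()] = set(tokens[1:])
    return policy

class _NonceCollector(HTMLParser):
    """Record (tag, nonce) for every <script>/<style> that carries a nonce."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        nonce = dict(attrs).get("nonce")
        if tag in FALLBACK and nonce:
            self.found.append((tag, nonce))

def tag_nonces(html):
    collector = _NonceCollector()
    collector.feed(html)
    return collector.found

def check_nonces(html, csp_header):
    """Return findings; an empty list means no tag nonce is rejected by the header."""
    policy = parse_csp(csp_header)
    findings = []
    for tag, nonce in tag_nonces(html):
        # No governing directive means the policy does not restrict this element type.
        directive = next((d for d in FALLBACK[tag] if d in policy), None)
        if directive and f"'nonce-{nonce}'" not in policy[directive]:
            findings.append(f"<{tag}> nonce {nonce!r} not allowed by {directive}")
    return findings

def reused_nonces(html_a, html_b):
    """Nonces shared by two separate responses (a nonce must be fresh per response)."""
    return {n for _, n in tag_nonces(html_a)} & {n for _, n in tag_nonces(html_b)}

# Constructed sample response, not output captured from the extension.
SAMPLE_CSP = "default-src 'self'; style-src 'self' 'nonce-c3R5bGUtbm9uY2U'"
SAMPLE_HTML = '<style nonce="c3R5bGUtbm9uY2U">p{margin:0}</style><script nonce="c2NyaXB0">1</script>'
```

In the sample, the script nonce is reported because the policy has no `script-src` entry for it and falls back to `default-src`, which is what a wrong `policy` argument would look like in a response.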

Resources

LIMESODA Website Security
