Assign CSP header default to 'report-only'
Update default CSP 'response_header' setting to be
'Content-Security-Policy-Report-Only'.
sbreker committed Nov 1, 2023
1 parent 06178a0 commit 5f074ab
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion config/app.yml
Expand Up @@ -65,6 +65,6 @@ all:
csp:
# Configure CSP response header to be either
# 'Content-Security-Policy-Report-Only' or 'Content-Security-Policy'
response_header: Content-Security-Policy
response_header: Content-Security-Policy-Report-Only
# Configure CSP response directives.
directives: "default-src 'self'; font-src 'self'; img-src 'self' https://www.gravatar.com/avatar/ blob:; script-src 'self' 'nonce'; style-src 'self' 'nonce'; worker-src 'self' blob:; frame-ancestors 'self';"
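Review bot: With the default switched to `Content-Security-Policy-Report-Only`, the `directives` line in this hunk still carries no `report-uri` or `report-to` directive, so browsers will log violations to the developer console only and nothing is collected server-side; either add a reporting endpoint directive alongside the change or state in the comment above `response_header` that report-only mode here produces no stored reports and no enforcement. The comment on the two lines above should also be extended to say which value is now the default, so an operator reading `config/app.yml` knows they must change it to `Content-Security-Policy` to get blocking behaviour.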
2 changes: 1 addition & 1 deletion docker/bootstrap.php
Expand Up @@ -105,7 +105,7 @@ function get_host_and_port($value, $default_port)
read_only: false
htmlpurifier_enabled: false
csp:
response_header: Content-Security-Policy
response_header: Content-Security-Policy-Report-Only
directives: "default-src 'self'; font-src 'self'; img-src 'self' https://www.gravatar.com/avatar/ blob:; script-src 'self' 'nonce'; style-src 'self' 'nonce'; worker-src 'self' blob:; frame-ancestors 'self';"
EOT;
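Review bot: This duplicates the same default inside the heredoc that `docker/bootstrap.php` writes out, so the Docker image and `config/app.yml` now have to be changed in lockstep; consider sourcing `response_header` from one place (for example an environment variable with this value as its fallback) so the two defaults cannot drift. Note also that in report-only mode `frame-ancestors 'self'` is not enforced by browsers, so the Docker default loses its framing protection; check that an `X-Frame-Options` header is still emitted or call this out in the commit message.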


0 comments on commit 5f074ab
