bepsvpt / secure-headers

PHP Secure Headers

Please provide better examples for csp

dsingleton47 opened this issue · comments

Please provide better examples for CSP in the documentation. If I provide anything other than
'self' => true, the result is an empty img-src value; this is true if I provide an array as well. For example, using the example from paragonie/csp-builder with:

'self' => true,
'data' => true

My resulting policy only has self; data doesn't work at all. If I try to provide a domain, the same is true.

Hi @bepsvpt, how are you, man? I have trouble adding the data attribute on:
'font-src' => ['data' => true]
'img-src' => ['data' => true]

The 'data' attribute does not work!

Can you help me?

Thanks!

Found the problem with allowing 'data'. If someone needs to allow 'data' on each attribute (font-src, img-src, style-src, etc.), you can do something like this:

'font-src' => [ 'allow' => 'data:' ]
'img-src' => [ 'allow' => 'data:' ]

I hope this will be helpful.
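
An added example, not part of the original thread and not code from bepsvpt/secure-headers: a small check that parses the emitted Content-Security-Policy header value and reports whether `data:` is actually allowed for img-src and font-src, including the fallback to default-src. The function names and both sample header values are constructed for illustration.

```php
<?php
// Added example: parse a Content-Security-Policy header value and report
// whether the data: scheme is allowed for a given fetch directive.

/** Split a CSP header value into [directive => [source, ...]]. */
function parseCsp(string $header): array
{
    $policy = [];
    foreach (explode(';', $header) as $part) {
        $tokens = preg_split('/\s+/', trim($part), -1, PREG_SPLIT_NO_EMPTY);
        if (!$tokens) {
            continue;
        }
        $name = strtolower(array_shift($tokens));
        // Per the CSP spec a repeated directive is ignored, so keep the first.
        if (!array_key_exists($name, $policy)) {
            $policy[$name] = $tokens;
        }
    }
    return $policy;
}

/** Returns 'allowed', 'blocked', 'typo' or 'unrestricted' (nothing applies). */
function dataSchemeStatus(array $policy, string $directive): string
{
    // img-src and font-src fall back to default-src when they are absent.
    $sources = $policy[$directive] ?? $policy['default-src'] ?? null;
    if ($sources === null) {
        return 'unrestricted';
    }
    $lower = array_map('strtolower', $sources);
    if (in_array('data:', $lower, true)) {
        return 'allowed';
    }
    // A bare "data" (no colon) is parsed as a host name, not as the scheme.
    return in_array('data', $lower, true) ? 'typo' : 'blocked';
}

// Constructed header values: a policy with only 'self', and one with data:.
$reported = "img-src 'self'; font-src 'self'";
$wanted   = "default-src 'self'; img-src 'self' data:; font-src data:";

foreach (['reported' => $reported, 'wanted' => $wanted] as $label => $header) {
    $policy = parseCsp($header);
    foreach (['img-src', 'font-src'] as $d) {
        printf("%-8s %-8s %s\n", $label, $d, dataSchemeStatus($policy, $d));
    }
}
```

To check a real response, pass the value of its Content-Security-Policy header to `parseCsp()` in place of the constructed strings.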

Hi @dsingleton47 and @JohanMa4,

I have updated the document. If you have any suggestions, I will deeply appreciate your feedback.

Please improve the documentation; the CSP part is very hard to understand.
Could you give better examples of how to use CSP?

Hi @agenciatamandua,

If you can provide your requirements, I can include it in examples.