Warning: This page has not been updated in over over a year and may be outdated or deprecated.
administration:security:content_security_policy
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revisionNext revisionBoth sides next revision | ||
| administration:security:content_security_policy [2020/06/29 12:14] – created demiankatz | administration:security:content_security_policy [2020/06/29 18:20] – [Configuring VuFind's CSP] demiankatz | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| You can learn more at the [[https:// | You can learn more at the [[https:// | ||
| + | ===== Configuring VuFind' | ||
| + | |||
| + | ==== Configuration File ==== | ||
| + | |||
| + | All settings related to Content Security Policies can be found in contentsecuritypolicy.ini. | ||
| + | |||
| + | ==== Enforcing vs. Reporting ==== | ||
| + | |||
| + | The CSP can be configured to either block violating content, or simply to report problems. VuFind is set to reporting mode by default to avoid backward compatibility breaks. | ||
| + | |||
| + | === Receiving Reports === | ||
| + | |||
| + | When in reporting mode, you can set the report-to setting in contentsecuritypolicy.ini to send reports of violations to a URI that implements a simple API. VuFind does not currently include a built-in reporting endpoint, but several options exist, including: | ||
| + | |||
| + | * [[https:// | ||
| + | * [[https:// | ||
| ===== Best Practices / Recommendations ===== | ===== Best Practices / Recommendations ===== | ||
administration/security/content_security_policy.txt · Last modified: 2024/04/11 13:51 by demiankatz