Warning: This page has not been updated in over a year and may be outdated or deprecated.
administration:security:content_security_policy
Differences
This shows you the differences between two versions of the page.
administration:security:content_security_policy [2020/06/29 12:14] – demiankatz | administration:security:content_security_policy [2020/06/29 18:20] – [Configuring VuFind's CSP] demiankatz | ||
---|---|---|---|
Line 9: | Line 9: | ||
===== Configuring VuFind' | ===== Configuring VuFind' | ||
- | // Details coming soon. // | + | ==== Configuration File ==== |
+ | All settings related to Content Security Policies can be found in contentsecuritypolicy.ini. | ||
+ | |||
+ | ==== Enforcing vs. Reporting ==== | ||
+ | |||
+ | The CSP can be configured to either block violating content, or simply to report problems. VuFind is set to reporting mode by default to avoid backward compatibility breaks. | ||
+ | |||
+ | === Receiving Reports === | ||
+ | |||
+ | When in reporting mode, you can set the report-to setting in contentsecuritypolicy.ini to send reports of violations to a URI that implements a simple API. VuFind does not currently include a built-in reporting endpoint, but several options exist, including: | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
===== Best Practices / Recommendations ===== | ===== Best Practices / Recommendations ===== | ||
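Review bot: The "Enforcing vs. Reporting" paragraph states that VuFind defaults to reporting mode but never names the setting in contentsecuritypolicy.ini that switches to enforcement. It also leaves implicit that in reporting mode violating content is reported rather than blocked, so a site left on the default gets no blocking from the policy. Suggest naming the setting there and adding a sentence on moving to enforcing mode once the reports come back clean. In "Receiving Reports", the phrase "When in reporting mode, you can set the report-to setting" reads as if reports can only be collected in reporting mode; if the setting also applies when enforcing, say so. It is also worth noting that violation reports include the URL of the page where the violation occurred, which matters when the endpoint is one of the listed external services rather than something the site hosts itself.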
administration/security/content_security_policy.txt · Last modified: 2024/04/11 13:51 by demiankatz