Warning: This page has not been updated in over over a year and may be outdated or deprecated.
administration:security:content_security_policy
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
| administration:security:content_security_policy [2020/06/29 18:22] – [Content Security Policy] demiankatz | administration:security:content_security_policy [2020/06/29 19:57] – demiankatz | ||
|---|---|---|---|
| Line 25: | Line 25: | ||
| ===== Best Practices / Recommendations ===== | ===== Best Practices / Recommendations ===== | ||
| - | // Details coming soon. // | + | Here are some tips and recommendations: |
| + | |||
| + | * By default, VuFind is set up to be fairly permissive about which scripts it will execute; if you are not using any options that rely on external scripts, or if you can reliably eliminate the use of non-HTTPS files, you should consider applying more restrictive settings than the defaults. | ||
| + | * By default, VuFind assumes that all CSS, images and fonts will be served up locally; if you are using any services or customizations that pull these resources in from third-party sites, you will need to set up more permissive settings. | ||
administration/security/content_security_policy.txt · Last modified: 2024/04/11 13:51 by demiankatz