Warning: This page has not been updated in over over a year and may be outdated or deprecated.
administration:security:content_security_policy
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
administration:security:content_security_policy [2020/06/29 20:03] – [Best Practices / Recommendations] demiankatz | administration:security:content_security_policy [2020/06/30 10:12] – [Enforcing vs. Reporting] demiankatz | ||
---|---|---|---|
Line 11: | Line 11: | ||
==== Configuration File ==== | ==== Configuration File ==== | ||
- | All settings related to Content Security Policies can be found in contentsecuritypolicy.ini. | + | All settings related to Content Security Policies can be found in [[https:// |
==== Enforcing vs. Reporting ==== | ==== Enforcing vs. Reporting ==== | ||
Line 19: | Line 19: | ||
=== Receiving Reports === | === Receiving Reports === | ||
- | When in reporting mode, you can set the report-to setting in contentsecuritypolicy.ini to send reports of violations to a URI that implements a simple API. VuFind does not currently include a built-in reporting endpoint, but several options exist, including: | + | When in reporting mode, you can set the report-to setting in [[https:// |
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | All violations are usually reported in browser' | ||
===== Best Practices / Recommendations ===== | ===== Best Practices / Recommendations ===== | ||
administration/security/content_security_policy.txt · Last modified: 2024/04/11 13:51 by demiankatz