Warning: This page has not been updated in over a year and may be outdated or deprecated.
administration:security:content_security_policy
Differences
This shows you the differences between two versions of the page.
administration:security:content_security_policy [2020/06/30 05:43] – [Enforcing vs. Reporting] xmorave2 | administration:security:content_security_policy [2020/09/22 13:26] – demiankatz | ||
---|---|---|---|
Line 11: | Line 11: | ||
==== Configuration File ==== | ==== Configuration File ==== | ||
- | All settings related to Content Security Policies can be found in [[https:// | + | All settings related to Content Security Policies can be found in [[https:// |
==== Enforcing vs. Reporting ==== | ==== Enforcing vs. Reporting ==== | ||
Line 19: | Line 19: | ||
=== Receiving Reports === | === Receiving Reports === | ||
- | When in reporting mode, you can set the report-to setting in [[https:// | + | When in reporting mode, you can set the report-to setting in [[https:// |
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
- | * [[https:// | + | * [[https:// |
All violations are usually reported in browser' | All violations are usually reported in browser' | ||
Line 31: | Line 31: | ||
* By default, VuFind is set up to be fairly permissive about which scripts it will execute; if you are not using any options that rely on external scripts, or if you can reliably eliminate the use of non-HTTPS files, you should consider applying more restrictive settings than the defaults. | * By default, VuFind is set up to be fairly permissive about which scripts it will execute; if you are not using any options that rely on external scripts, or if you can reliably eliminate the use of non-HTTPS files, you should consider applying more restrictive settings than the defaults. | ||
- | * By default, VuFind assumes that all CSS styles, images and fonts will be served up locally; if you are using any services or customizations that pull these resources in from third-party sites, you will need to set up more permissive settings. | + | * By default, VuFind assumes that all CSS styles, images and fonts will be served up locally; if you are using any services |
- | * Consider setting up a reporting server (see tool options listed above) so you can test whether any pages of your site are violating your CSP; once you have determined that the site is working as expected, you should | + | * Consider setting up a reporting server (see tool options listed above) so you can test whether any pages of your site are violating your CSP; once you have determined that the site is working as expected, you should |
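Review bot: The bullet about CSS styles, images and fonts tells sites that pull these from third parties to "set up more permissive settings" without saying how far to widen them, at least in the wording visible here. Consider stating that only the specific external origins actually in use should be added to the affected directives, so that fixing one blocked stylesheet or font does not turn into a blanket allowance. The reporting-server bullet already gives a way to confirm the narrower policy works before it is relied on, so the two bullets could reference each other.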
administration/security/content_security_policy.txt · Last modified: 2024/04/11 13:51 by demiankatz