Please provide better examples for csp

Question

Please provide better examples for csp

dsingleton47 opened this issue 7 years ago · 5 comments

Please provide better examples for CSP in the documentation, if I provide anything other than:
'self' => true I the result is an empty img-src value, this is true if I provide an array as well. for example using the example from paragonie/csp-builder with:

'self' => true,
'data' => true

my resulting policy only has self, data doesn't work at all. If I try to provide a domain, the same is true.

Answer 1 · 2018-07-14T15:03:24.000Z

Hi @bepsvpt, how are you man?, i have troubles by adding the data attribute on:
'font-src' => ['data' => true]
img-src' => ['data' => true]

The 'data' attribute not works!

Can you help me?

Thanks!

Answer 2 · 2018-07-14T15:25:37.000Z

Found the problem to allow 'data', if some one needs to allow 'data' on each attributes (font-src, img-src, style-src, etc), you can do something like this:

font-src => [ 'allow' => 'data:' ]
img-src => [ 'allow' => 'data:' ]

I hope this will be helpfull

Answer 3 · 2018-07-31T11:14:45.000Z

Hi @dsingleton47 and @JohanMa4,

I have updated the document. If you have any suggestion, I will deeply appreciate your feedback.

Answer 4 · 2020-12-09T15:14:49.000Z

Please improve Documents, the CSP part is very bad at understanding.
Could you give better examples of how to use CSP?

Answer 5 · 2020-12-12T02:37:22.000Z

Hi @agenciatamandua,

If you can provide your requirements, I can include it in examples.