contao/docs

CSP framework

Closed this issue · 3 comments

Contao 5.3 ships with a superb CSP framework, which we should document in both the user as well as the developer manual.

  • What is CSP?
  • How to enable it
  • How to add the nonce to your own scripts in templates
  • How to use hashes in templates
  • How to have Contao apply hashes to inline styles of WYSIWYG data

See #1303

What is CSP?

I skimped out on this one - but I can still add the basic gist to the manual if need be (I don't think we should or can document in much detail what CSP is and does and all its implications).

I've linked to https://content-security-policy.com/ in both the dev docs as well as the manual. The very first paragraph is "What is Content-Security-Policy?"

Do you think this is enough? Or should we quote this paragraph in the manual for example, along with a German translation?

I think that's enough :)