Content Security Policy

More
5 years 2 weeks ago #77662 by Rooney
Hi, I am trying to harden my page against attacks.

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring, which dynamic resources are allowed to load.


For Joomla
Code:
Header set Content-Security-Policy "default-src 'self'; script-src 'unsafe-inline';"
in .htaccess works but the FC backend is messed up because some Javascript code is not excecutet

Any ideas?
Best regards
Rooney

Joomla! 3.9.24 and FC 3.3.9

Please Log in or Create an account to join the conversation.

More
5 years 2 weeks ago #77663 by ggppdk
Replied by ggppdk on topic Content Security Policy
Hello

surely we can improve on this one


but J3 backend does not work with these settings for me (i do not speak of flexicontent backend, i mean Joomla backend home)


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.357 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline