- United Kingdom the_g_bomb
I've been trying to look into this. I can't find anything documented anywhere that highlights the difference between csp and seckit.
Questions I am trying to answer:
Are they solving the same problem?
Is csp a slimmed down version of seckit or vice versa?
What is csp doing that can't be done already in SecKit?
- Canada gapple
@the_g_bomb
Seckit has broader but shallower scope of functionality, while CSP has more comprehensive support specifically for Content Security Policy (the Permissions Policy and Reporting API modules similarly focus on their respective scopes). CSP aims to make configuration more accessible to site builders, while also offering better capabilities for developers.
Seckit is configured through a set of text fields for each directive. Users have to ensure that their configuration is semantically correct and any modification has to be done through text processing of the configuration. The module currently allows a single policy of either report-only or enforced.
CSP provides:
- structured configuration schema so changes can be made granularly
- separate configuration for report-only and enforced policies
- the configuration form is also structured, and validates the input of additional sources
- integration with the Libraries API automatically adds external sources for CSS and JS in library definitions to their respective directives
- the policy can be modified per-request via an event subscriber, which is provided a Csp object
- 'unsafe-inline' exceptions are added to the policy as needed for core libraries (for versions of core prior to 10.1).
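
The per-request alteration mentioned in the list above, sketched as an added example that is not part of the thread or taken from either module. The module name `my_module`, the route name `my_module.checkout` and the host `payments.example.com` are hypothetical, and the CSP module's alter event and `Csp` methods are used as I understand them to exist in the module.

```php
<?php
// Hypothetical file: my_module/src/EventSubscriber/CheckoutCspSubscriber.php
// Register the class in my_module.services.yml with the 'event_subscriber'
// tag and '@current_route_match' as its only argument.

namespace Drupal\my_module\EventSubscriber;

use Drupal\Core\Routing\RouteMatchInterface;
use Drupal\csp\CspEvents;
use Drupal\csp\Event\PolicyAlterEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;

/**
 * Allows one third-party origin on a single route instead of site-wide.
 */
class CheckoutCspSubscriber implements EventSubscriberInterface {

  public function __construct(private RouteMatchInterface $routeMatch) {}

  public static function getSubscribedEvents(): array {
    return [CspEvents::POLICY_ALTER => ['onPolicyAlter']];
  }

  public function onPolicyAlter(PolicyAlterEvent $event): void {
    // Every other route keeps the policy exactly as configured in the UI.
    if ($this->routeMatch->getRouteName() !== 'my_module.checkout') {
      return;
    }

    // The structured Csp object, not a header string to be parsed.
    $policy = $event->getPolicy();

    // Appends only where the directive (or one it falls back to, such as
    // default-src) is already enabled, so a directive the site builder left
    // disabled is not switched on by this subscriber.
    foreach (['script-src', 'frame-src'] as $directive) {
      $policy->fallbackAwareAppendIfEnabled($directive, ['https://payments.example.com']);
    }
  }

}
```

Scoping the extra source to one route keeps the allowlist on the rest of the site as narrow as the stored configuration.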