Support for configuring script-src-elem

Created on 17 March 2025, 17 days ago

Problem/Motivation

Seckit does not include a place to configure the CSP `script-src-elem` directive.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cont...

CSP will fall back to using the `script-src` directive if the `script-src-elem` directive is missing, but it means that we can't use the seckit module to configure what domains we wish to allow in a

tag versus general script-src.

Steps to reproduce

Go to /admin/config/system/seckit and see that there is no field for configuring script-src-elem

Proposed resolution

Provide a field for configuring script-src-elem and outputting that directive in the CSP headers.

Remaining tasks

User interface changes

API changes

Data model changes

✨ Feature request
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States apotek

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024