Blog
FAQ
Discussions
Search
Projects, issues, users, and merge requests.
Project ID, name, and description.
User nickname, name, and org.
Issue ID, title, and summary.
Merge request titles.
Contrib
.social
Feed
Live feed
Builds
Live builds
Core
Tags
Tags and Initiatives
Content-Security-Policy
Open on Drupal.org →
Open on Drupal GitLab →
Created on 14 July 2017,
over 7 years ago
Maintained by
🇨🇦
Canada
gapple
Clone
Clone with SSH
Clone with HTTPS
Clone with
doGit
🇨🇦
Canada
66%
🇺🇸
United States
8%
🇳🇱
Netherlands
8%
🇦🇺
Australia
4%
🏴☠️
4%
🇩🇪
Germany
3%
🇧🇪
Belgium
3%
🇫🇷
France
1%
🇮🇳
India
1%
🏴☠️
🇯🇵
1%
Top 10 contributors
Finalist
5%
🇳🇱
@undersound3
Forum One
4%
🇺🇸
@bburg
PreviousNext
4%
🇦🇺
@mstrelan
LakeDrops
3%
🇩🇪
@jurgenhaas
iO
2%
🇳🇱
@Remco Hoeneveld
Itty Bitty Byte
1%
🇺🇸
@Kristen Pol
Minsky
1%
🇧🇪
@dieterholvoet
Axess Open Web Services
1%
🇫🇷
@Nicolas S.
Virasat Solutions
1%
🇮🇳
@mohd sahzad
VMLY&R
1%
🇺🇸
@spfaffly
+5
and 5 other organisations
SWIS
🇳🇱
@timohuisman
SeeD EM
@jvbrian
Salsa Digital
🇺🇸
@Kristen Pol
QuantCDN
🇺🇸
@Kristen Pol
1hoog
🇳🇱
@undersound3
and 7 individuals
( 74% )
🇺🇸
@bob.hinrichs
🇦🇺
@dpi
🇨🇦
@gapple
🇧🇪
@mr.baileys
🇯🇵
@ptmkenny
@Defcon0
@project update bot
Follow
Sign in to follow projects
Merge Requests
More
!54
Version 1.33 can not be installed on Drupal 11
Open
Show issue
🇩🇪
Germany
jurgenhaas
updated
28 days ago
!53
Remove code for Firefox bug 1313937
Open
Show issue
🇧🇪
Belgium
mr.baileys
updated
about 1 month ago
!52
Make auto sources configurable
Open
Show issue
Unnamed author
updated
4 months ago
!51
Only add header to relevant responses
Open
Show issue
🇨🇦
Canada
gapple
updated
4 months ago
!50
The Content-Security-Policy module is missing a README, which serves as documentation.
Open
Show issue
Unnamed author
updated
4 months ago
!49
Use config_target in settings form
Merged
Show issue
🇨🇦
Canada
gapple
updated
5 months ago
More Merge Requests
Issues
💬
Auto-source fonts.googleapis.com without https://
Active
Code
Created
about 12 hours ago
v2.0
🇳🇱
Netherlands
zebda
about 12 hours ago
🐛
preg_match() Passing null to parameter #2 ($subject) of type string is deprecated.
Active
Code
Created
about 1 month ago
v1.0
🇳🇱
Netherlands
Remco Hoeneveld
1 day ago
💬
Questions about adding nonces
Active
Code
Created
2 months ago
v2.0
🇳🇱
Netherlands
undersound3
3 days ago
📌
Remove code for Firefox bug 1313937
Postponed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
3 days ago
🐛
Call to admin/config/system/csp results in TypeError
Active
Code
Created
7 days ago
v2.0
johnwt
3 days ago
🐛
Version 1.33 can not be installed on Drupal 11
Active
Code
Created
28 days ago
v1.0
🇩🇪
Germany
jurgenhaas
9 days ago
📌
Use case: strict-dynamic and nonce
Active
Miscellaneous
Created
about 1 month ago
v2.0
🇫🇷
France
OmManiPadmeHum
22 days ago
💬
At nonce to Piwik Pro inline script
Active
Code
Created
about 2 months ago
v2.0
🇳🇱
Netherlands
zebda
28 days ago
🐛
csp_extras isn't compatible to D11
Active
Code
Created
about 2 months ago
v2.0
🇫🇷
France
OmManiPadmeHum
about 2 months ago
🐛
'auto' is not a supported key
Active
Code
Created
3 months ago
v2.0
michael.garrido
2 months ago
✨
Allow script / style by nonce
Postponed
Code
Created
over 5 years ago
v1.0
🇨🇦
Canada
gapple
3 months ago
💬
Changes of the module don't reflect in front-end
Active
Code
Created
3 months ago
v2.0
🇳🇱
Netherlands
zebda
3 months ago
✨
Make auto sources configurable
Needs review
Code
Created
over 3 years ago
v1.0
🇳🇱
Netherlands
arkener
4 months ago
📌
Only add header to relevant responses
Needs work
Code
Created
over 6 years ago
v2.0
🇨🇦
Canada
gapple
4 months ago
📌
The Content-Security-Policy module is missing a README, which serves as documentation.
Needs work
Documentation
Created
7 months ago
v2.0
🇮🇳
India
anishnirmal
4 months ago
🐛
Notice: Uninitialized string offset: 0
Active
Code
Created
5 months ago
v2.0
🇧🇪
Belgium
dieterholvoet
5 months ago
📌
Use config_target in settings form
Active
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
5 months ago
📌
Add config validation constraint for sources
Active
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
5 months ago
🐛
Call to a member function validateForm() on null in Drupal\csp\Form\CspSettingsForm->validateForm()
Active
Code
Created
6 months ago
v2.0
🇫🇷
France
Nicolas S.
5 months ago
📌
Add config validation constraint for source list flags
Postponed
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
6 months ago
🌱
Use Autowire & Autoconfigure for services
Fixed
Code
Created
8 months ago
v2.0
🇨🇦
Canada
gapple
6 months ago
📌
Add config validation constraint for trusted types policies
Fixed
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
6 months ago
📌
Add basic config validation constraints
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
6 months ago
💬
General strategy for misc. sources?
Closed: outdated
Code
Created
7 months ago
v2.0
🇺🇸
United States
bburg
6 months ago
💬
How to use the Nonce/PolicyHelper service
Fixed
Code
Created
8 months ago
v2.0
🇺🇸
United States
spfaffly
7 months ago
📌
Remove Umami webfont check
Fixed
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
📌
Validate directive names in configuration
Postponed
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
📌
Use autoconfiguration for event subscribers
Closed: duplicate
Code
Created
8 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
📌
Use LoggerAwareInterface
Closed: duplicate
Code
Created
8 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
🐛
Missing style-src-attr unsafe-inline on Views edit page
Closed: cannot reproduce
Code
Created
over 3 years ago
v1.0
🇨🇿
Czech Republic
Bohus Ulrych
7 months ago
💬
RenderElementAttachedCspSubscriber does not detect elements with nonces added in hook_page_attachments
Closed: works as designed
Code
Created
7 months ago
v2.0
🇦🇺
Australia
mstrelan
7 months ago
✨
Enable specifying additional directives in library definitions
Active
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
✨
Show current policy on config form
Active
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
🐛
Unrecognized Content-Security-Policy directive 'webrtc' in browser console
Closed: works as designed
Code
Created
7 months ago
v2.0
Defcon0
7 months ago
💬
Recommended way to add all Google supported domains for GA audience image
Fixed
Code
Created
over 1 year ago
v1.0
🇪🇸
Spain
pcambra
7 months ago
📌
Update minimum supported core version to 10.1
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
7 months ago
📌
Automated Drupal 11 compatibility fixes for csp
Fixed
Code
Created
12 months ago
v1.0
project update bot
7 months ago
📌
Create and use Enum classes internally
Needs review
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
✨
Allow CSP to be added by render elements
Fixed
Code
Created
11 months ago
v2.0
🇦🇺
Australia
dpi
7 months ago
🌱
Core Toolbar anti-flicker script adds inline style
Active
Code
Created
7 months ago
v2.0
🇺🇸
United States
bburg
7 months ago
💬
Differences (features or ideal use cases) comparing with SecKit
Fixed
Documentation
Created
8 months ago
v2.0
🇺🇸
United States
w01f
8 months ago
📌
Project Browser: Create a logo for Content-Security-Policy
Needs review
User interface
Created
9 months ago
v2.0
🇺🇸
United States
Kristen Pol
8 months ago
🌱
Use Enums
Active
Code
Created
8 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
✨
Provides a filter to add nonce attribute to inline scripts.
Needs work
Code
Created
about 1 year ago
v2.0
🇪🇸
Spain
facine
8 months ago
🐛
getDirective type error if directive not set
Fixed
Code
Created
8 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
🐛
fallbackAwareAppendIfEnabled still has special treatment for 'none'
Fixed
Code
Created
8 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
📌
Update admin css
Fixed
Code
Created
8 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
🌱
CSP 2.0
Fixed
Code
Created
over 6 years ago
v2.0
🇨🇦
Canada
gapple
8 months ago
📌
Add trusted-types / require-trusted-types-for
Fixed
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
📌
Support 'inline-speculation-rules' keyword
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
8 months ago
📌
Review Reporting API endpoint configs
Fixed
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
📌
Provide a README
Closed: won't fix
Code
Created
about 2 years ago
v1.0
🇯🇵
Japan
ptmkenny
9 months ago
📌
Deprecate Site Log reporting handler
Fixed
Code
Created
over 6 years ago
v1.0
🇨🇦
Canada
gapple
9 months ago
💬
Clarify Solution for 'Deprecated reporting handler' Warning
Fixed
Documentation
Created
9 months ago
v1.0
🇺🇸
United States
jimmb
9 months ago
🐛
CSP's report-uri directive is deprecated in favor of report-to
Closed: works as designed
Code
Created
9 months ago
v2.0
🇪🇸
Spain
tunic
9 months ago
✨
Add CSP entries on a per page basis
Closed: won't fix
Code
Created
about 1 year ago
v2.0
miiimooo
9 months ago
✨
Add setting for pretty printing violoation reports in the log
Closed: outdated
Code
Created
almost 2 years ago
v1.0
🇬🇷
Greece
smavri
9 months ago
📌
Hide 'strict-dynamic' from directive config
Fixed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
📌
Hide 'unsafe-eval' from style-src config
Fixed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
📌
Improve default config
Fixed
Code
Created
almost 2 years ago
v2.0
🇨🇦
Canada
gapple
9 months ago
🐛
TypeError: Drupal\csp\LibraryPolicyBuilder::__construct(): Argument #5 ($logger) must be of type ?Drupal\csp\LoggerChannelInterface, Psr\Log\NullLogger given \web\core\lib\Drupal\Component\DependencyInjection\Container.php on line 261 in Drupal\csp\Librar
Closed: duplicate
Code
Created
9 months ago
v1.0
🇮🇳
India
Asheef
9 months ago
📌
Move settings & library policy alterations to own alter subscriber
Fixed
Code
Created
11 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
📌
Remove default CSP headers from core
Fixed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
📌
Remove supression of 'none' behaviour deprecation warning
Fixed
Code
Created
about 1 year ago
v1.0
🇨🇦
Canada
gapple
10 months ago
🐛
CKEditor requires script-src-elem 'unsafe-inline'
Closed: outdated
Code
Created
about 4 years ago
v1.0
🇳🇱
Netherlands
arkener
10 months ago
📌
Update argument order when calling EventDispatcher::dispatch()
Fixed
Code
Created
over 2 years ago
v1.0
🇮🇹
Italy
emanuelrighetto
10 months ago
📌
Consistent default active tab on the CSP settings form
Fixed
Code
Created
about 1 year ago
v2.0
🇳🇿
New Zealand
Gold
10 months ago
📌
Fix PHPStan errors
Fixed
Code
Created
11 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
✨
Add helper for safely appending nonce/hash sources
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
10 months ago
🌱
Better CSP support for themes
Closed: outdated
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
10 months ago
✨
CSP headers are overflowing when in maintenance mode (throws error 502)
Closed: works as designed
Code
Created
over 1 year ago
v1.0
🇧🇷
Brazil
lucasrossi
10 months ago
📌
Loosen type-hint on library policy for logger
Fixed
Code
Created
11 months ago
v1.0
🇦🇺
Australia
larowlan
11 months ago
💬
func_get_arg warning
Fixed
Code
Created
11 months ago
v2.0
🇪🇸
Spain
pcambra
11 months ago
✨
Enable conditional/alternate directive values
Active
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
11 months ago
✨
Cache CSP header for dynamic requests
Needs work
Code
Created
over 2 years ago
v1.0
🇩🇪
Germany
mkalkbrenner
11 months ago
💬
Content-Security-Policy: The page’s settings blocked the loading of a resource at blob: (“default-src”).
Closed: cannot reproduce
Code
Created
12 months ago
v1.0
🇮🇳
India
manojprabakar_ss
11 months ago
✨
Generate and cache library info on hook_rebuild
Fixed
Code
Created
about 1 year ago
v2.0
🇷🇺
Russia
aa2007
12 months ago
📌
Remove X-Frame-Options Header
Active
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🌱
Implement Policy Alter event in other modules
Fixed
Code
Created
over 5 years ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Change handling 'none' with additional sources
Fixed
Code
Created
almost 5 years ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
✨
URIports Reporting provider
Closed: outdated
Code
Created
over 3 years ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Create script-src from script-src-attr and script-src-elem
Postponed
Code
Created
over 5 years ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Copy configuration between report-only and enforced
Active
Code
Created
over 6 years ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Provide different CSP policy for private files
Active
Code
Created
over 4 years ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🌱
Improve handling of sources from libraries
Active
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Throw deprecation warning if directive contains 'none' and other values
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
🐛
Preserve 'report-sample' if directive contains 'none'
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Update csp.admin.js to ES6
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
🐛
Firefox bug fix doesn't detect hashes properly
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
🐛
Hundreds of log entries: Uninitialized string offset: 0
Fixed
Code
Created
over 3 years ago
v1.0
🇫🇮
Finland
Nchase
about 1 year ago
✨
Add hook_csp_policy_alter for themes
Fixed
Code
Created
over 1 year ago
v1.0
🇧🇪
Belgium
dieterholvoet
about 1 year ago
🐛
drupalSettings.csp.nonce is missing
Fixed
Code
Created
over 1 year ago
v1.0
🇧🇪
Belgium
dieterholvoet
about 1 year ago
📌
Cleanup support for old versions of core
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Cleanup use of deprecated watchdog_exception
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Cleanup use of MASTER_REQUEST
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🌱
Drop support for Drupal 9
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
CKEditor5 requires style-src 'unsafe-inline'
Fixed
Code
Created
over 1 year ago
v1.0
🇺🇸
United States
chrissnyder
over 1 year ago
📌
Implementation of hook_help() in module file
Needs work
Code
Created
almost 2 years ago
v1.0
🇮🇳
India
Pracheth
over 1 year ago
✨
Use full file path for external library sources
Needs work
Code
Created
about 3 years ago
v1.0
🇳🇱
Netherlands
arkener
over 1 year ago
📌
Remove code to disable inline anti-flicker js
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
contrib
.social
Blog
FAQ
Discussions
Production build 0.71.5
2024