Blog
FAQ
Discussions
Search
Projects, issues, users, and merge requests.
Project ID, name, and description.
User nickname, name, and org.
Issue ID, title, and summary.
Merge request titles.
Contrib
.social
Feed
Live feed
Builds
Live builds
Core
Tags
Tags and Initiatives
Content-Security-Policy
Open on Drupal.org →
Open on Drupal GitLab →
Created on 14 July 2017,
about 8 years ago
Maintained by
🇨🇦
Canada
gapple
Clone
Clone with SSH
Clone with HTTPS
Clone with
doGit
🇨🇦
Canada
47%
🇳🇱
Netherlands
16%
🇺🇸
United States
15%
🇦🇺
Australia
7%
🇩🇪
Germany
5%
🇧🇪
Belgium
5%
🇯🇵
Japan
1%
🇮🇳
India
1%
🏴☠️
1%
Top 10 contributors
Finalist
11%
🇳🇱
@undersound3
Third and Grove
7%
🇺🇸
@jds1
🇺🇸
@tommasorandazzo
LakeDrops
5%
🇩🇪
@jurgenhaas
Forum One
4%
🇺🇸
@bburg
iO
4%
🇳🇱
@Remco Hoeneveld
PreviousNext
3%
🇦🇺
@mstrelan
Minsky
3%
🇧🇪
@dieterholvoet
UC Berkeley Web Platform Services
1%
🇺🇸
@cboyden
The College Board
1%
🇺🇸
@dgroene
SWIS
1%
🇳🇱
@timohuisman
+3
and 3 other organisations
Nagarro
🇮🇳
@kanchamk
SeeD EM
@jvbrian
1hoog
🇳🇱
@undersound3
and 5 individuals
( 56% )
🇦🇺
@dpi
🇨🇦
@gapple
🇺🇸
@jeffreysmattson
🇧🇪
@mr.baileys
🇯🇵
@ptmkenny
Follow
Sign in to follow projects
Merge Requests
More
!55
Prioritise visibility of enabled policy types on configuration page loads
Open
Show issue
🇦🇺
Australia
dpi
updated
about 1 month ago
!54
Version 1.33 can not be installed on Drupal 11
Open
Show issue
🇩🇪
Germany
jurgenhaas
updated
7 months ago
!53
Remove code for Firefox bug 1313937
Open
Show issue
🇧🇪
Belgium
mr.baileys
updated
8 months ago
!52
Make auto sources configurable
Open
Show issue
Unnamed author
updated
10 months ago
!51
Only add header to relevant responses
Open
Show issue
🇨🇦
Canada
gapple
updated
10 months ago
!50
The Content-Security-Policy module is missing a README, which serves as documentation.
Open
Show issue
Unnamed author
updated
10 months ago
More Merge Requests
Issues
✨
Prioritise visibility of enabled policy types on configuration page loads
Active
Code
Created
about 1 month ago
v2.0
🇦🇺
Australia
dpi
about 1 month ago
🐛
Disabled directives are still added to the header by library sources
Fixed
Code
Created
over 6 years ago
v1.0
🇳🇱
Netherlands
paulvandenburg
about 2 months ago
🐛
TypeError: Drupal\Core\Routing\CurrentRouteMatch::getRouteMatch(): Argument #1 ($request) must be of type Symfony\Component\HttpFoundation\Request, null given, called in /var/www/html/web/core/lib/Drupal/Core/Routing/CurrentRouteMatch.php
Active
Code
Created
3 months ago
v2.0
🇮🇳
India
kanchamk
3 months ago
✨
Allow script / style by nonce
Postponed
Code
Created
almost 6 years ago
v1.0
🇨🇦
Canada
gapple
3 months ago
🌱
Core Toolbar anti-flicker script adds inline style
Active
Code
Created
about 1 year ago
v2.0
🇺🇸
United States
bburg
4 months ago
🐛
Call to admin/config/system/csp results in TypeError
Active
Code
Created
6 months ago
v2.0
johnwt
4 months ago
💬
Auto-source fonts.googleapis.com without https://
Active
Code
Created
6 months ago
v2.0
🇳🇱
Netherlands
zebda
4 months ago
💬
'directives' is a required key.
Active
Code
Created
4 months ago
v2.0
🇺🇸
United States
bburg
4 months ago
💬
How to use the Nonce/PolicyHelper service
Active
Code
Created
about 1 year ago
v2.0
🇺🇸
United States
spfaffly
4 months ago
🐛
preg_match() Passing null to parameter #2 ($subject) of type string is deprecated.
Active
Code
Created
7 months ago
v1.0
🇳🇱
Netherlands
Remco Hoeneveld
4 months ago
💬
Refused to send form data on password reset with 'self'
Active
Code
Created
4 months ago
v2.0
🇳🇱
Netherlands
zebda
4 months ago
✨
Allow Lottie json files.
Active
Code
Created
5 months ago
v2.0
🇺🇸
United States
jeffreysmattson
5 months ago
🐛
Config overrides cause PHP warning and missing link text
Active
Code
Created
5 months ago
v2.0
🇺🇸
United States
cboyden
5 months ago
📌
Refactor policy config to config entities
Active
Code
Created
5 months ago
v2.0
🇨🇦
Canada
gapple
5 months ago
✨
Make auto sources configurable
Needs review
Code
Created
almost 4 years ago
v1.0
🇳🇱
Netherlands
arkener
5 months ago
🐛
Call to a member function validateForm() on null in Drupal\csp\Form\CspSettingsForm->validateForm()
Active
Code
Created
about 1 year ago
v2.0
🇫🇷
France
Nicolas S.
6 months ago
💬
Questions about adding nonces
Active
Code
Created
8 months ago
v2.0
🇳🇱
Netherlands
undersound3
6 months ago
📌
Remove code for Firefox bug 1313937
Postponed
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
6 months ago
🐛
Version 1.33 can not be installed on Drupal 11
Active
Code
Created
7 months ago
v1.0
🇩🇪
Germany
jurgenhaas
7 months ago
📌
Use case: strict-dynamic and nonce
Active
Miscellaneous
Created
7 months ago
v2.0
🇫🇷
France
OmManiPadmeHum
7 months ago
💬
At nonce to Piwik Pro inline script
Active
Code
Created
8 months ago
v2.0
🇳🇱
Netherlands
zebda
7 months ago
🐛
csp_extras isn't compatible to D11
Active
Code
Created
8 months ago
v2.0
🇫🇷
France
OmManiPadmeHum
8 months ago
🐛
'auto' is not a supported key
Active
Code
Created
9 months ago
v2.0
michael.garrido
9 months ago
💬
Changes of the module don't reflect in front-end
Active
Code
Created
9 months ago
v2.0
🇳🇱
Netherlands
zebda
9 months ago
📌
Only add header to relevant responses
Needs work
Code
Created
almost 7 years ago
v2.0
🇨🇦
Canada
gapple
10 months ago
📌
The Content-Security-Policy module is missing a README, which serves as documentation.
Needs work
Documentation
Created
about 1 year ago
v2.0
🇮🇳
India
anishnirmal
10 months ago
🐛
Notice: Uninitialized string offset: 0
Active
Code
Created
11 months ago
v2.0
🇧🇪
Belgium
dieterholvoet
11 months ago
📌
Use config_target in settings form
Active
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
11 months ago
📌
Add config validation constraint for sources
Active
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
12 months ago
📌
Add config validation constraint for source list flags
Postponed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🌱
Use Autowire & Autoconfigure for services
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Add config validation constraint for trusted types policies
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Add basic config validation constraints
Fixed
Code
Created
about 2 years ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
💬
General strategy for misc. sources?
Closed: outdated
Code
Created
about 1 year ago
v2.0
🇺🇸
United States
bburg
about 1 year ago
📌
Remove Umami webfont check
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Validate directive names in configuration
Postponed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Use autoconfiguration for event subscribers
Closed: duplicate
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Use LoggerAwareInterface
Closed: duplicate
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🐛
Missing style-src-attr unsafe-inline on Views edit page
Closed: cannot reproduce
Code
Created
almost 4 years ago
v1.0
🇨🇿
Czech Republic
Bohus Ulrych
about 1 year ago
💬
RenderElementAttachedCspSubscriber does not detect elements with nonces added in hook_page_attachments
Closed: works as designed
Code
Created
about 1 year ago
v2.0
🇦🇺
Australia
mstrelan
about 1 year ago
✨
Enable specifying additional directives in library definitions
Active
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Show current policy on config form
Active
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🐛
Unrecognized Content-Security-Policy directive 'webrtc' in browser console
Closed: works as designed
Code
Created
about 1 year ago
v2.0
Defcon0
about 1 year ago
💬
Recommended way to add all Google supported domains for GA audience image
Fixed
Code
Created
almost 2 years ago
v1.0
🇪🇸
Spain
pcambra
about 1 year ago
📌
Update minimum supported core version to 10.1
Fixed
Code
Created
almost 2 years ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Automated Drupal 11 compatibility fixes for csp
Fixed
Code
Created
over 1 year ago
v1.0
project update bot
about 1 year ago
📌
Create and use Enum classes internally
Needs review
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Allow CSP to be added by render elements
Fixed
Code
Created
over 1 year ago
v2.0
🇦🇺
Australia
dpi
about 1 year ago
💬
Differences (features or ideal use cases) comparing with SecKit
Fixed
Documentation
Created
about 1 year ago
v2.0
🇺🇸
United States
w01f
about 1 year ago
📌
Project Browser: Create a logo for Content-Security-Policy
Needs review
User interface
Created
over 1 year ago
v2.0
🇺🇸
United States
Kristen Pol
about 1 year ago
🌱
Use Enums
Active
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Provides a filter to add nonce attribute to inline scripts.
Needs work
Code
Created
over 1 year ago
v2.0
🇪🇸
Spain
facine
about 1 year ago
🐛
getDirective type error if directive not set
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🐛
fallbackAwareAppendIfEnabled still has special treatment for 'none'
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Update admin css
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🌱
CSP 2.0
Fixed
Code
Created
almost 7 years ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Add trusted-types / require-trusted-types-for
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Support 'inline-speculation-rules' keyword
Fixed
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Review Reporting API endpoint configs
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
📌
Provide a README
Closed: won't fix
Code
Created
over 2 years ago
v1.0
🇯🇵
Japan
ptmkenny
about 1 year ago
📌
Deprecate Site Log reporting handler
Fixed
Code
Created
almost 7 years ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
💬
Clarify Solution for 'Deprecated reporting handler' Warning
Fixed
Documentation
Created
over 1 year ago
v1.0
🇺🇸
United States
jimmb
about 1 year ago
🐛
CSP's report-uri directive is deprecated in favor of report-to
Closed: works as designed
Code
Created
about 1 year ago
v2.0
🇪🇸
Spain
tunic
about 1 year ago
✨
Add CSP entries on a per page basis
Closed: won't fix
Code
Created
over 1 year ago
v2.0
miiimooo
over 1 year ago
✨
Add setting for pretty printing violoation reports in the log
Closed: outdated
Code
Created
over 2 years ago
v1.0
🇬🇷
Greece
smavri
over 1 year ago
📌
Hide 'strict-dynamic' from directive config
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Hide 'unsafe-eval' from style-src config
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Improve default config
Fixed
Code
Created
over 2 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
TypeError: Drupal\csp\LibraryPolicyBuilder::__construct(): Argument #5 ($logger) must be of type ?Drupal\csp\LoggerChannelInterface, Psr\Log\NullLogger given \web\core\lib\Drupal\Component\DependencyInjection\Container.php on line 261 in Drupal\csp\Librar
Closed: duplicate
Code
Created
over 1 year ago
v1.0
🇮🇳
India
Asheef
over 1 year ago
📌
Move settings & library policy alterations to own alter subscriber
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Remove default CSP headers from core
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Remove supression of 'none' behaviour deprecation warning
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
CKEditor requires script-src-elem 'unsafe-inline'
Closed: outdated
Code
Created
over 4 years ago
v1.0
🇳🇱
Netherlands
arkener
over 1 year ago
📌
Update argument order when calling EventDispatcher::dispatch()
Fixed
Code
Created
almost 3 years ago
v1.0
🇮🇹
Italy
emanuelrighetto
over 1 year ago
📌
Consistent default active tab on the CSP settings form
Fixed
Code
Created
over 1 year ago
v2.0
🇳🇿
New Zealand
Gold
over 1 year ago
📌
Fix PHPStan errors
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Add helper for safely appending nonce/hash sources
Fixed
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🌱
Better CSP support for themes
Closed: outdated
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
✨
CSP headers are overflowing when in maintenance mode (throws error 502)
Closed: works as designed
Code
Created
almost 2 years ago
v1.0
🇧🇷
Brazil
lucasrossi
over 1 year ago
📌
Loosen type-hint on library policy for logger
Fixed
Code
Created
over 1 year ago
v1.0
🇦🇺
Australia
larowlan
over 1 year ago
💬
func_get_arg warning
Fixed
Code
Created
over 1 year ago
v2.0
🇪🇸
Spain
pcambra
over 1 year ago
✨
Enable conditional/alternate directive values
Active
Code
Created
almost 2 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Cache CSP header for dynamic requests
Needs work
Code
Created
almost 3 years ago
v1.0
🇩🇪
Germany
mkalkbrenner
over 1 year ago
💬
Content-Security-Policy: The page’s settings blocked the loading of a resource at blob: (“default-src”).
Closed: cannot reproduce
Code
Created
over 1 year ago
v1.0
🇮🇳
India
manojprabakar_ss
over 1 year ago
✨
Generate and cache library info on hook_rebuild
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇿
Czech Republic
webroru
over 1 year ago
📌
Remove X-Frame-Options Header
Active
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
🌱
Implement Policy Alter event in other modules
Fixed
Code
Created
almost 6 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Change handling 'none' with additional sources
Fixed
Code
Created
over 5 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
URIports Reporting provider
Closed: outdated
Code
Created
about 4 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Create script-src from script-src-attr and script-src-elem
Postponed
Code
Created
almost 6 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Copy configuration between report-only and enforced
Active
Code
Created
about 7 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Provide different CSP policy for private files
Active
Code
Created
about 5 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
🌱
Improve handling of sources from libraries
Active
Code
Created
almost 2 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Throw deprecation warning if directive contains 'none' and other values
Fixed
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
Preserve 'report-sample' if directive contains 'none'
Fixed
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Update csp.admin.js to ES6
Fixed
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
Firefox bug fix doesn't detect hashes properly
Fixed
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
Hundreds of log entries: Uninitialized string offset: 0
Fixed
Code
Created
about 4 years ago
v1.0
🇫🇮
Finland
Nchase
almost 2 years ago
✨
Add hook_csp_policy_alter for themes
Fixed
Code
Created
almost 2 years ago
v1.0
🇧🇪
Belgium
dieterholvoet
almost 2 years ago
🐛
drupalSettings.csp.nonce is missing
Fixed
Code
Created
almost 2 years ago
v1.0
🇧🇪
Belgium
dieterholvoet
almost 2 years ago
contrib
.social
Blog
FAQ
Discussions
Production build 0.71.5
2024