Blog
FAQ
Discussions
Search
Projects, issues, users, and merge requests.
Project ID, name, and description.
User nickname, name, and org.
Issue ID, title, and summary.
Merge request titles.
Contrib
.social
Feed
Live feed
Builds
Live builds
Core
Tags
Tags and Initiatives
Content-Security-Policy
Open on Drupal.org →
Open on Drupal GitLab →
Created on 14 July 2017,
almost 8 years ago
Maintained by
🇨🇦
Canada
gapple
Clone
Clone with SSH
Clone with HTTPS
Clone with
doGit
🇨🇦
Canada
63%
🇺🇸
United States
14%
🇳🇱
Netherlands
8%
🇦🇺
Australia
3%
🇩🇪
Germany
3%
🇧🇪
Belgium
3%
🏴☠️
3%
🇫🇷
France
1%
🇮🇳
India
1%
🏴☠️
🇯🇵
1%
Top 10 contributors
Forum One
6%
🇺🇸
@bburg
Finalist
6%
🇳🇱
@undersound3
PreviousNext
3%
🇦🇺
@mstrelan
Third and Grove
3%
🇺🇸
@jds1
🇺🇸
@tommasorandazzo
LakeDrops
3%
🇩🇪
@jurgenhaas
iO
2%
🇳🇱
@Remco Hoeneveld
Itty Bitty Byte
1%
🇺🇸
@Kristen Pol
Minsky
1%
🇧🇪
@dieterholvoet
Axess Open Web Services
1%
🇫🇷
@Nicolas S.
Virasat Solutions
1%
🇮🇳
@mohd sahzad
+7
and 7 other organisations
UC Berkeley Web Platform Services
🇺🇸
@cboyden
VMLY&R
🇺🇸
@spfaffly
SWIS
🇳🇱
@timohuisman
SeeD EM
@jvbrian
Salsa Digital
🇺🇸
@Kristen Pol
QuantCDN
🇺🇸
@Kristen Pol
1hoog
🇳🇱
@undersound3
and 6 individuals
( 69% )
🇺🇸
@bob.hinrichs
🇨🇦
@gapple
🇺🇸
@jeffreysmattson
🇧🇪
@mr.baileys
🇯🇵
@ptmkenny
@Defcon0
Follow
Sign in to follow projects
Merge Requests
More
!54
Version 1.33 can not be installed on Drupal 11
Open
Show issue
🇩🇪
Germany
jurgenhaas
updated
3 months ago
!53
Remove code for Firefox bug 1313937
Open
Show issue
🇧🇪
Belgium
mr.baileys
updated
4 months ago
!52
Make auto sources configurable
Open
Show issue
Unnamed author
updated
6 months ago
!51
Only add header to relevant responses
Open
Show issue
🇨🇦
Canada
gapple
updated
6 months ago
!50
The Content-Security-Policy module is missing a README, which serves as documentation.
Open
Show issue
Unnamed author
updated
6 months ago
!49
Use config_target in settings form
Merged
Show issue
🇨🇦
Canada
gapple
updated
7 months ago
More Merge Requests
Issues
💬
'directives' is a required key.
Active
Code
Created
4 days ago
v2.0
🇺🇸
United States
bburg
4 days ago
💬
How to use the Nonce/PolicyHelper service
Active
Code
Created
10 months ago
v2.0
🇺🇸
United States
spfaffly
4 days ago
🐛
preg_match() Passing null to parameter #2 ($subject) of type string is deprecated.
Active
Code
Created
3 months ago
v1.0
🇳🇱
Netherlands
Remco Hoeneveld
11 days ago
💬
Auto-source fonts.googleapis.com without https://
Active
Code
Created
2 months ago
v2.0
🇳🇱
Netherlands
zebda
11 days ago
💬
Refused to send form data on password reset with 'self'
Active
Code
Created
11 days ago
v2.0
🇳🇱
Netherlands
zebda
11 days ago
✨
Allow Lottie json files.
Active
Code
Created
22 days ago
v2.0
🇺🇸
United States
jeffreysmattson
15 days ago
🐛
Call to admin/config/system/csp results in TypeError
Active
Code
Created
2 months ago
v2.0
johnwt
23 days ago
🐛
Config overrides cause PHP warning and missing link text
Active
Code
Created
25 days ago
v2.0
🇺🇸
United States
cboyden
25 days ago
📌
Refactor policy config to config entities
Active
Code
Created
27 days ago
v2.0
🇨🇦
Canada
gapple
27 days ago
✨
Allow script / style by nonce
Postponed
Code
Created
over 5 years ago
v1.0
🇨🇦
Canada
gapple
28 days ago
✨
Make auto sources configurable
Needs review
Code
Created
over 3 years ago
v1.0
🇳🇱
Netherlands
arkener
30 days ago
🐛
Call to a member function validateForm() on null in Drupal\csp\Form\CspSettingsForm->validateForm()
Active
Code
Created
8 months ago
v2.0
🇫🇷
France
Nicolas S.
about 2 months ago
💬
Questions about adding nonces
Active
Code
Created
4 months ago
v2.0
🇳🇱
Netherlands
undersound3
about 2 months ago
📌
Remove code for Firefox bug 1313937
Postponed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
2 months ago
🐛
Version 1.33 can not be installed on Drupal 11
Active
Code
Created
3 months ago
v1.0
🇩🇪
Germany
jurgenhaas
2 months ago
📌
Use case: strict-dynamic and nonce
Active
Miscellaneous
Created
3 months ago
v2.0
🇫🇷
France
OmManiPadmeHum
3 months ago
💬
At nonce to Piwik Pro inline script
Active
Code
Created
4 months ago
v2.0
🇳🇱
Netherlands
zebda
3 months ago
🐛
csp_extras isn't compatible to D11
Active
Code
Created
4 months ago
v2.0
🇫🇷
France
OmManiPadmeHum
4 months ago
🐛
'auto' is not a supported key
Active
Code
Created
5 months ago
v2.0
michael.garrido
4 months ago
💬
Changes of the module don't reflect in front-end
Active
Code
Created
5 months ago
v2.0
🇳🇱
Netherlands
zebda
5 months ago
📌
Only add header to relevant responses
Needs work
Code
Created
over 6 years ago
v2.0
🇨🇦
Canada
gapple
6 months ago
📌
The Content-Security-Policy module is missing a README, which serves as documentation.
Needs work
Documentation
Created
9 months ago
v2.0
🇮🇳
India
anishnirmal
6 months ago
🐛
Notice: Uninitialized string offset: 0
Active
Code
Created
7 months ago
v2.0
🇧🇪
Belgium
dieterholvoet
7 months ago
📌
Use config_target in settings form
Active
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
7 months ago
📌
Add config validation constraint for sources
Active
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
📌
Add config validation constraint for source list flags
Postponed
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
🌱
Use Autowire & Autoconfigure for services
Fixed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
📌
Add config validation constraint for trusted types policies
Fixed
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
8 months ago
📌
Add basic config validation constraints
Fixed
Code
Created
almost 2 years ago
v2.0
🇨🇦
Canada
gapple
8 months ago
💬
General strategy for misc. sources?
Closed: outdated
Code
Created
9 months ago
v2.0
🇺🇸
United States
bburg
9 months ago
📌
Remove Umami webfont check
Fixed
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
📌
Validate directive names in configuration
Postponed
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
📌
Use autoconfiguration for event subscribers
Closed: duplicate
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
📌
Use LoggerAwareInterface
Closed: duplicate
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
🐛
Missing style-src-attr unsafe-inline on Views edit page
Closed: cannot reproduce
Code
Created
over 3 years ago
v1.0
🇨🇿
Czech Republic
Bohus Ulrych
9 months ago
💬
RenderElementAttachedCspSubscriber does not detect elements with nonces added in hook_page_attachments
Closed: works as designed
Code
Created
9 months ago
v2.0
🇦🇺
Australia
mstrelan
9 months ago
✨
Enable specifying additional directives in library definitions
Active
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
9 months ago
✨
Show current policy on config form
Active
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
🐛
Unrecognized Content-Security-Policy directive 'webrtc' in browser console
Closed: works as designed
Code
Created
9 months ago
v2.0
Defcon0
9 months ago
💬
Recommended way to add all Google supported domains for GA audience image
Fixed
Code
Created
over 1 year ago
v1.0
🇪🇸
Spain
pcambra
9 months ago
📌
Update minimum supported core version to 10.1
Fixed
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
9 months ago
📌
Automated Drupal 11 compatibility fixes for csp
Fixed
Code
Created
about 1 year ago
v1.0
project update bot
9 months ago
📌
Create and use Enum classes internally
Needs review
Code
Created
9 months ago
v2.0
🇨🇦
Canada
gapple
9 months ago
✨
Allow CSP to be added by render elements
Fixed
Code
Created
about 1 year ago
v2.0
🇦🇺
Australia
dpi
9 months ago
🌱
Core Toolbar anti-flicker script adds inline style
Active
Code
Created
9 months ago
v2.0
🇺🇸
United States
bburg
9 months ago
💬
Differences (features or ideal use cases) comparing with SecKit
Fixed
Documentation
Created
11 months ago
v2.0
🇺🇸
United States
w01f
10 months ago
📌
Project Browser: Create a logo for Content-Security-Policy
Needs review
User interface
Created
11 months ago
v2.0
🇺🇸
United States
Kristen Pol
10 months ago
🌱
Use Enums
Active
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
✨
Provides a filter to add nonce attribute to inline scripts.
Needs work
Code
Created
over 1 year ago
v2.0
🇪🇸
Spain
facine
10 months ago
🐛
getDirective type error if directive not set
Fixed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
🐛
fallbackAwareAppendIfEnabled still has special treatment for 'none'
Fixed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
📌
Update admin css
Fixed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
🌱
CSP 2.0
Fixed
Code
Created
over 6 years ago
v2.0
🇨🇦
Canada
gapple
10 months ago
📌
Add trusted-types / require-trusted-types-for
Fixed
Code
Created
11 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
📌
Support 'inline-speculation-rules' keyword
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
10 months ago
📌
Review Reporting API endpoint configs
Fixed
Code
Created
11 months ago
v2.0
🇨🇦
Canada
gapple
10 months ago
📌
Provide a README
Closed: won't fix
Code
Created
over 2 years ago
v1.0
🇯🇵
Japan
ptmkenny
11 months ago
📌
Deprecate Site Log reporting handler
Fixed
Code
Created
over 6 years ago
v1.0
🇨🇦
Canada
gapple
11 months ago
💬
Clarify Solution for 'Deprecated reporting handler' Warning
Fixed
Documentation
Created
12 months ago
v1.0
🇺🇸
United States
jimmb
11 months ago
🐛
CSP's report-uri directive is deprecated in favor of report-to
Closed: works as designed
Code
Created
11 months ago
v2.0
🇪🇸
Spain
tunic
11 months ago
✨
Add CSP entries on a per page basis
Closed: won't fix
Code
Created
about 1 year ago
v2.0
miiimooo
11 months ago
✨
Add setting for pretty printing violoation reports in the log
Closed: outdated
Code
Created
almost 2 years ago
v1.0
🇬🇷
Greece
smavri
11 months ago
📌
Hide 'strict-dynamic' from directive config
Fixed
Code
Created
12 months ago
v2.0
🇨🇦
Canada
gapple
11 months ago
📌
Hide 'unsafe-eval' from style-src config
Fixed
Code
Created
12 months ago
v2.0
🇨🇦
Canada
gapple
11 months ago
📌
Improve default config
Fixed
Code
Created
almost 2 years ago
v2.0
🇨🇦
Canada
gapple
11 months ago
🐛
TypeError: Drupal\csp\LibraryPolicyBuilder::__construct(): Argument #5 ($logger) must be of type ?Drupal\csp\LoggerChannelInterface, Psr\Log\NullLogger given \web\core\lib\Drupal\Component\DependencyInjection\Container.php on line 261 in Drupal\csp\Librar
Closed: duplicate
Code
Created
12 months ago
v1.0
🇮🇳
India
Asheef
12 months ago
📌
Move settings & library policy alterations to own alter subscriber
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
12 months ago
📌
Remove default CSP headers from core
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
12 months ago
📌
Remove supression of 'none' behaviour deprecation warning
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
12 months ago
🐛
CKEditor requires script-src-elem 'unsafe-inline'
Closed: outdated
Code
Created
over 4 years ago
v1.0
🇳🇱
Netherlands
arkener
12 months ago
📌
Update argument order when calling EventDispatcher::dispatch()
Fixed
Code
Created
over 2 years ago
v1.0
🇮🇹
Italy
emanuelrighetto
12 months ago
📌
Consistent default active tab on the CSP settings form
Fixed
Code
Created
over 1 year ago
v2.0
🇳🇿
New Zealand
Gold
12 months ago
📌
Fix PHPStan errors
Fixed
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
12 months ago
✨
Add helper for safely appending nonce/hash sources
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
🌱
Better CSP support for themes
Closed: outdated
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
✨
CSP headers are overflowing when in maintenance mode (throws error 502)
Closed: works as designed
Code
Created
over 1 year ago
v1.0
🇧🇷
Brazil
lucasrossi
about 1 year ago
📌
Loosen type-hint on library policy for logger
Fixed
Code
Created
about 1 year ago
v1.0
🇦🇺
Australia
larowlan
about 1 year ago
💬
func_get_arg warning
Fixed
Code
Created
about 1 year ago
v2.0
🇪🇸
Spain
pcambra
about 1 year ago
✨
Enable conditional/alternate directive values
Active
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
✨
Cache CSP header for dynamic requests
Needs work
Code
Created
over 2 years ago
v1.0
🇩🇪
Germany
mkalkbrenner
about 1 year ago
💬
Content-Security-Policy: The page’s settings blocked the loading of a resource at blob: (“default-src”).
Closed: cannot reproduce
Code
Created
about 1 year ago
v1.0
🇮🇳
India
manojprabakar_ss
about 1 year ago
✨
Generate and cache library info on hook_rebuild
Fixed
Code
Created
over 1 year ago
v2.0
🇷🇺
Russia
aa2007
about 1 year ago
📌
Remove X-Frame-Options Header
Active
Code
Created
about 1 year ago
v2.0
🇨🇦
Canada
gapple
about 1 year ago
🌱
Implement Policy Alter event in other modules
Fixed
Code
Created
over 5 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Change handling 'none' with additional sources
Fixed
Code
Created
about 5 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
URIports Reporting provider
Closed: outdated
Code
Created
over 3 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Create script-src from script-src-attr and script-src-elem
Postponed
Code
Created
over 5 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Copy configuration between report-only and enforced
Active
Code
Created
almost 7 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
✨
Provide different CSP policy for private files
Active
Code
Created
almost 5 years ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
🌱
Improve handling of sources from libraries
Active
Code
Created
over 1 year ago
v2.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Throw deprecation warning if directive contains 'none' and other values
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
Preserve 'report-sample' if directive contains 'none'
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Update csp.admin.js to ES6
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
Firefox bug fix doesn't detect hashes properly
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🐛
Hundreds of log entries: Uninitialized string offset: 0
Fixed
Code
Created
almost 4 years ago
v1.0
🇫🇮
Finland
Nchase
over 1 year ago
✨
Add hook_csp_policy_alter for themes
Fixed
Code
Created
over 1 year ago
v1.0
🇧🇪
Belgium
dieterholvoet
over 1 year ago
🐛
drupalSettings.csp.nonce is missing
Fixed
Code
Created
over 1 year ago
v1.0
🇧🇪
Belgium
dieterholvoet
over 1 year ago
📌
Cleanup support for old versions of core
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Cleanup use of deprecated watchdog_exception
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
📌
Cleanup use of MASTER_REQUEST
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
contrib
.social
Blog
FAQ
Discussions
Production build 0.71.5
2024