Blog
FAQ
Discussions
Contrib
.social
Feed
Live feed
Builds
Live builds
Core
Tags
Tags and Initiatives
#DC
Portland 2024
6-9 May
#
DrupalCon Portland
2024
🇺🇸
Content-Security-Policy
Open on Drupal.org →
Open on Drupal GitLab →
Created on 14 July 2017,
almost 7 years ago
Maintained by
🇨🇦
Canada
gapple
Clone
Clone with SSH
Clone with HTTPS
Clone with
doGit
Follow
Sign in to follow projects
Merge Requests
More
!37
Allow CSP to be conditionally added by content
Open
Show issue
🇦🇺
Australia
dpi
updated
about 20 hours ago
!36
Fix PHPStan errors
Open
Show issue
🇨🇦
Canada
gapple
updated
8 days ago
!24
Add helper for safely appending nonce/hash sources
Merged
Show issue
🇨🇦
Canada
gapple
updated
8 days ago
!35
Loosen type-hint on library policy for logger
Closed
Show issue
🇦🇺
Australia
larowlan
updated
9 days ago
!34
Provides a filter to add nonce attribute to inline scripts.
Open
Show issue
🇨🇦
Canada
gapple
updated
10 days ago
!32
Deprecate Site Log reporting handler
Merged
Show issue
🇨🇦
Canada
gapple
updated
17 days ago
More Merge Requests
Issues
✨
Allow CSP to be conditionally added by content
Needs work
Code
Created
3 days ago
v2.0
🇦🇺
Australia
dpi
about 21 hours ago
✨
Enable conditional/alternate directive values
Active
Code
Created
7 months ago
v2.0
🇨🇦
Canada
gapple
3 days ago
✨
Cache CSP header for dynamic requests
Needs work
Code
Created
over 1 year ago
v1.0
🇩🇪
Germany
mkalkbrenner
3 days ago
📌
Move settings & library policy alterations to own alter subscriber
Active
Code
Created
6 days ago
v2.0
🇨🇦
Canada
gapple
6 days ago
📌
Fix PHPStan errors
Active
Code
Created
8 days ago
v2.0
🇨🇦
Canada
gapple
8 days ago
✨
Add helper for safely appending nonce/hash sources
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
8 days ago
📌
Loosen type-hint on library policy for logger
Fixed
Code
Created
10 days ago
v1.0
🇦🇺
Australia
larowlan
9 days ago
✨
Provides a filter to add nonce attribute to inline scripts.
Needs work
Code
Created
4 months ago
v1.0
🇪🇸
Spain
facine
10 days ago
💬
func_get_arg warning
Fixed
Code
Created
18 days ago
v2.0
🇪🇸
Spain
pcambra
14 days ago
📌
Use Choice config validation constraint
Postponed
Code
Created
10 months ago
v2.0
🇨🇦
Canada
gapple
14 days ago
📌
Automated Drupal 11 compatibility fixes for csp
Active
Code
Created
about 1 month ago
v1.0
Project Update Bot
16 days ago
📌
Deprecate Site Log reporting handler
RTBC
Code
Created
over 5 years ago
v1.0
🇨🇦
Canada
gapple
17 days ago
💬
Content-Security-Policy: The page’s settings blocked the loading of a resource at blob: (“default-src”).
Closed: cannot reproduce
Code
Created
about 1 month ago
v1.0
🇮🇳
India
manojprabakar_ss
18 days ago
✨
Generate and cache library info on hook_rebuild
Fixed
Code
Created
3 months ago
v2.0
🇷🇺
Russia
aa2007
25 days ago
✨
Add CSP entries on a per page basis
Active
Code
Created
about 1 month ago
v2.0
miiimooo
about 1 month ago
📌
Remove X-Frame-Options Header
Active
Code
Created
about 1 month ago
v2.0
🇨🇦
Canada
gapple
about 1 month ago
📌
Provide a README
Needs review
Code
Created
over 1 year ago
v1.0
🇯🇵
Japan
ptmkenny
about 2 months ago
🌱
Implement Policy Alter event in other modules
Fixed
Code
Created
over 4 years ago
v1.0
🇨🇦
Canada
gapple
3 months ago
📌
Consistent default active tab on the CSP settings form
Fixed
Code
Created
4 months ago
v2.0
🇳🇿
New Zealand
Gold
3 months ago
✨
Change handling 'none' with additional sources
Fixed
Code
Created
almost 4 years ago
v2.0
🇨🇦
Canada
gapple
4 months ago
✨
URIports Reporting provider
Closed: outdated
Code
Created
over 2 years ago
v1.0
🇨🇦
Canada
gapple
4 months ago
✨
Create script-src from script-src-attr and script-src-elem
Postponed
Code
Created
over 4 years ago
v2.0
🇨🇦
Canada
gapple
4 months ago
📌
Drop support for Drupal 10.0
Postponed
Code
Created
5 months ago
v2.0
🇨🇦
Canada
gapple
4 months ago
📌
Remove supression of 'none' behaviour deprecation warning
Active
Code
Created
4 months ago
v1.0
🇨🇦
Canada
gapple
4 months ago
📌
Only add header to relevant responses
Needs work
Code
Created
over 5 years ago
v2.0
🇨🇦
Canada
gapple
4 months ago
✨
Copy configuration between report-only and enforced
Active
Code
Created
almost 6 years ago
v2.0
🇨🇦
Canada
gapple
4 months ago
✨
Provide different CSP policy for private files
Active
Code
Created
almost 4 years ago
v2.0
🇨🇦
Canada
gapple
4 months ago
🌱
Improve handling of sources from libraries
Active
Code
Created
6 months ago
v2.0
🇨🇦
Canada
gapple
4 months ago
🌱
CSP 2.0
Active
Code
Created
over 5 years ago
v2.0
🇨🇦
Canada
gapple
4 months ago
📌
Remove code for Firefox bug 1313937
Postponed
Code
Created
5 months ago
v2.0
🇨🇦
Canada
gapple
4 months ago
📌
Throw deprecation warning if directive contains 'none' and other values
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
4 months ago
🐛
Preserve 'report-sample' if directive contains 'none'
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
4 months ago
📌
Update csp.admin.js to ES6
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
4 months ago
🐛
Firefox bug fix doesn't detect hashes properly
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
4 months ago
🐛
Hundreds of log entries: Uninitialized string offset: 0
Fixed
Code
Created
almost 3 years ago
v1.0
🇫🇮
Finland
Nchase
4 months ago
📌
Improve default config
Active
Code
Created
11 months ago
v1.0
🇨🇦
Canada
gapple
4 months ago
✨
Add hook_csp_policy_alter for themes
Fixed
Code
Created
5 months ago
v1.0
🇧🇪
Belgium
DieterHolvoet
4 months ago
🐛
drupalSettings.csp.nonce is missing
Fixed
Code
Created
5 months ago
v1.0
🇧🇪
Belgium
DieterHolvoet
4 months ago
📌
Support 'inline-speculation-rules' keyword
Active
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
5 months ago
✨
Add setting for pretty printing violoation reports in the log
Active
Code
Created
11 months ago
v1.0
🇬🇷
Greece
smavri
5 months ago
📌
Cleanup support for old versions of core
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
5 months ago
📌
Cleanup use of deprecated watchdog_exception
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
5 months ago
📌
Cleanup use of MASTER_REQUEST
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
5 months ago
🌱
Drop support for Drupal 9
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
5 months ago
🐛
CKEditor5 requires style-src 'unsafe-inline'
Fixed
Code
Created
8 months ago
v1.0
🇺🇸
United States
ChrisSnyder
5 months ago
🐛
Missing style-src-attr unsafe-inline on Views edit page
Postponed: needs info
Code
Created
over 2 years ago
v1.0
🇨🇿
Czech Republic
Bohus Ulrych
5 months ago
📌
Implementation of hook_help() in module file
Needs work
Code
Created
about 1 year ago
v1.0
🇮🇳
India
Pracheth
5 months ago
✨
Use full file path for external library sources
Needs work
Code
Created
over 2 years ago
v1.0
🇳🇱
Netherlands
Arkener
5 months ago
📌
Remove code to disable inline anti-flicker js
Fixed
Code
Created
5 months ago
v1.0
🇨🇦
Canada
gapple
5 months ago
📌
Configure Gitlab CI
Fixed
Miscellaneous
Created
10 months ago
v1.0
🇨🇦
Canada
gapple
5 months ago
🐛
Error when there are installed modules with invalid library definitions
Fixed
Code
Created
5 months ago
v1.0
dmitriy-komarov
5 months ago
📌
Add a reference to csp_log in documentation
Fixed
Documentation
Created
6 months ago
v1.0
🇧🇪
Belgium
daften
5 months ago
🐛
CKEditor unsafe-inline should be triggered by core/ckeditor
Closed: outdated
Code
Created
over 2 years ago
v1.0
🇳🇱
Netherlands
Arkener
5 months ago
🐛
Paragraph module content with edit mode "closed" break CKEditor
Closed: outdated
Code
Created
almost 4 years ago
v1.0
🇺🇸
United States
bburg
5 months ago
🐛
CKEditor requires script-src-elem 'unsafe-inline'
Closed: outdated
Code
Created
about 3 years ago
v1.0
🇳🇱
Netherlands
Arkener
5 months ago
🐛
CKEditor does not work when big_pipe is used
Closed: outdated
Code
Created
almost 2 years ago
v1.0
🇩🇪
Germany
Harlor
5 months ago
💬
CSP Not Created With Additional img-src Values and GA or GTM Enabled
Closed: cannot reproduce
Code
Created
6 months ago
v1.0
🇺🇸
United States
jsokol
6 months ago
✨
CSP headers are overflowing when in maintenance mode (throws error 502)
Needs work
Code
Created
6 months ago
v1.0
🇧🇷
Brazil
lucasrossi
6 months ago
✨
Expose nonce for javascript libraries
Fixed
Code
Created
7 months ago
v1.0
🇨🇦
Canada
gapple
6 months ago
💬
Recommended way to add all Google supported domains for GA audience image
Active
Code
Created
6 months ago
v1.0
🇪🇸
Spain
pcambra
6 months ago
🌱
Better CSP support for themes
Active
Code
Created
6 months ago
v1.0
🇨🇦
Canada
gapple
6 months ago
✨
Allow script / style by nonce
Postponed
Code
Created
over 4 years ago
v1.0
🇨🇦
Canada
gapple
6 months ago
✨
Add nonce service
Fixed
Code
Created
8 months ago
v1.0
🇨🇦
Canada
gapple
7 months ago
✨
Make auto sources configurable
RTBC
Code
Created
over 2 years ago
v1.0
🇳🇱
Netherlands
Arkener
8 months ago
✨
Provide help text on how to handle scheme sources like "blob:"
Active
Documentation
Created
9 months ago
v1.0
🇺🇸
United States
bburg
9 months ago
🐛
PHP warning if adding multiple sources in string with extra spaces
Fixed
Code
Created
10 months ago
v1.0
🇨🇦
Canada
gapple
9 months ago
🐛
PHP warning if library asset provided by route is tagged as external
Fixed
Code
Created
10 months ago
v1.0
🇨🇦
Canada
gapple
9 months ago
🐛
Ability to disable a boolean directive in config
Fixed
Code
Created
11 months ago
v1.0
bgustafson
10 months ago
📌
Disable toolbar anti-flicker inline JS
Fixed
Code
Created
about 1 year ago
v1.0
🇨🇦
Canada
gapple
10 months ago
📌
PHP 8.2 - dynamic property creation is deprecated
Fixed
Code
Created
12 months ago
v1.0
🇺🇸
United States
Luke.Leber
10 months ago
🐛
Opened overlays can not be closed after AJAX call when using CSP Extras
Closed: outdated
Code
Created
almost 2 years ago
v1.0
🇧🇬
Bulgaria
divined
about 1 year ago
📌
Update argument order when calling EventDispatcher::dispatch()
Fixed
Code
Created
over 1 year ago
v1.0
🇮🇹
Italy
emanuelrighetto
over 1 year ago
✨
Provide alternative headers for legacy browsers
Closed: won't fix
Code
Created
over 1 year ago
v1.0
🇪🇸
Spain
penyaskito
about 1 year ago
📌
Drupal Coding Standards Issues | phpcs
Closed: outdated
Code
Created
over 1 year ago
v1.0
🇮🇳
India
samit.310@gmail.com
over 1 year ago
✨
Narrow application of 'unsafe-inline' for quickedit
Closed: won't fix
Code
Created
almost 4 years ago
v1.0
🇨🇦
Canada
gapple
over 1 year ago
🌱
[upstream] core/drupal.ajax library requires 'unsafe-inline'
Fixed
Code
Created
over 4 years ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
🐛
Add support for GET Ajax requests
Fixed
Code
Created
about 1 year ago
v1.0
🇫🇮
Finland
lauriii
about 1 year ago
📌
Update csp_extras to backport add_css from core 10.1
Fixed
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
gapple
about 1 year ago
contrib
.social
Blog
FAQ
Discussions
Production build 0.67.2
2024