Anmelden Registrieren
System Apps
Fehler melden Fortunate Hilfe IRC Chat Like Us Pong QRator Sprache Suche Verzeichnis Zufälliger Kanal

Hubzilla-Dokumentation

This page is not yet available in Deutsch. See /help/developer/developer_guide#Translations for information about how to help.
Inhalt

    content_security_policy


    Called to modify CSP settings prior to the output of the Content-Security-Policy header.

    This hook permits addons to modify the content-security-policy if necessary to allow loading of foreign js libraries or css styles.

    if(App::$config['system']['content_security_policy']) {
            $cspsettings = Array (
                    'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
                    'style-src' => Array ("'self'","'unsafe-inline'")
            );
            call_hooks('content_security_policy',$cspsettings);

            // Legitimate CSP directives (cxref: https://content-security-policy.com/)
            $validcspdirectives=Array(
                    "default-src", "script-src", "style-src",
                    "img-src", "connect-src", "font-src",
                    "object-src", "media-src", 'frame-src',
                    'sandbox', 'report-uri', 'child-src',
                    'form-action', 'frame-ancestors', 'plugin-types'
            );
            $cspheader = "Content-Security-Policy:";
            foreach ($cspsettings as $cspdirective => $csp) {
                    if (!in_array($cspdirective,$validcspdirectives)) {
                            logger("INVALID CSP DIRECTIVE: ".$cspdirective,LOGGER_DEBUG);
                            continue;
                    }
                    $cspsettingsarray=array_unique($cspsettings[$cspdirective]);
                    $cspsetpolicy = implode(' ',$cspsettingsarray);
                    if ($cspsetpolicy) {
                            $cspheader .= " ".$cspdirective." ".$cspsetpolicy.";";
                    }
            }
            header($cspheader);
    }

    see: boot.php