Dotclear


Ignore:
Timestamp:
08/27/16 12:34:53 (9 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Message:

Add a CSP Report only option for admin (see about:config), default → false

File:
1 edited

Legend:

Unmodified
Added
Removed

  • inc/admin/lib.dc.page.php

    r3320 r3326  
    137137                         $directives[] = "report-uri ".DC_ADMIN_URL."csp_report.php"; 
    138138                    } 
    139                     $headers['csp'] = "Content-Security-Policy: ".implode(" ; ",$directives); 
     139                    $report_only = ($core->blog->settings->system->csp_admin_report_only) ? '-Report-Only' : ''; 
     140                    $headers['csp'] = "Content-Security-Policy".$report_only.": ".implode(" ; ",$directives); 
    140141               } 
    141142          } 
Note: See TracChangeset for help on using the changeset viewer.

Sites map