Page MenuHomePhabricator

add $wgCSPHeader CSP Content Security Policy compatibility with $wgUseFileCache file cache
Open, Needs TriagePublic

Description

$wgCSPHeader is currently incompatible with $wgUseFileCache.

Quote $wgCSPHeader:

It is not compatible with $wgUseFileCache

Is this something fixable?

Could the CSP be included in the generated file cache HTML files?

Policy Delivery

CSP can be delivered to the user agent in different techniques.

Content-Security-Policy HTTP response header field. This is the most preferred technique. <meta> HTML element with http-equiv attribute set to Content-Security-Policy. These elements need to be placed as early as possible in the documents.

Event Timeline

adrelanos renamed this task from add $wgCSPHeader CSP Content Security Policy compatbility with $wgUseFileCache file cache to add $wgCSPHeader CSP Content Security Policy compatibility with $wgUseFileCache file cache.Dec 14 2020, 12:46 PM