plugin:cspheader

Differences

This shows you the differences between two versions of the page.

plugin:cspheader [2011-06-23 18:42] – [Discussion] lupo49plugin:cspheader [2024-04-16 02:23] (current) – [Configuration and Settings] fix grammar dregad
Line 1: Line 1:
-====== CSPheader Plugin ======+====== cspheader Plugin ======
  
 ---- plugin ---- ---- plugin ----
-description: Injects Content Security Policy (CSP) headers.  +description: Injects the Content Security Policy (CSP) header in DokuWiki pages
-author     : Matthias Schulte +author     : Damien Regad (original author: Matthias Schulte) 
-email      : post@lupo49.de +email      : dregad@mantisbt.org 
 type       : action type       : action
-lastupdate : 2011-06-23 +lastupdate : 2024-04-13 
-compatible : Rincewind+compatible : Rincewind, Frusterick Manners, Greebo, Hogfather, Igor, Jack Jackrum, Kaos+
 depends    :  depends    : 
 conflicts  conflicts 
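Review bot: The new compatible line jumps from Rincewind straight to Frusterick Manners, leaving the DokuWiki releases between them unlisted. Rincewind is carried over unchanged from the 2011 revision, so it is worth confirming that the current plugin code still runs on it; if it has not been tested there, drop it so the field only names releases an administrator can rely on.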
Line 13: Line 13:
 tags       : header, http, security, policy tags       : header, http, security, policy
  
-downloadurl: https://github.com/lupo49/plugin-cspheader/tarball/master +downloadurl: https://github.com/dregad/dokuwiki-plugin-cspheader/tarball/master 
-bugtracker : https://github.com/lupo49/plugin-cspheader/issues +bugtracker : https://github.com/dregad/dokuwiki-plugin-cspheader/issues 
-sourcerepo : https://github.com/lupo49/plugin-cspheader+sourcerepo : https://github.com/dregad/dokuwiki-plugin-cspheader
 donationurl:  donationurl: 
 +
 +screenshot_img : 
 ---- ----
  
 ===== Installation ===== ===== Installation =====
  
-^  Download [[https://github.com/lupo49/plugin-cspheader/tarball/master|Current archive from github]] |+Download and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually.
  
-Use this address to install this plugin by using the plugin manager.+===== Description ===== 
 + 
 +[[wp>Content_Security_Policy|Content Security Policy]] helps preventing cross-site scripting (XSS) attacks. With the CSP header enabled, Firefox won't execute JavaScript code which is embedded in HTML documents. It also denies loading code from external places which are not authorized by the CSP header. 
 + 
 +For further information, visit the following pages: 
 + 
 +  * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP 
 +  * https://content-security-policy.com/
  
 ===== Configuration and Settings ===== ===== Configuration and Settings =====
  
-Configuration options can be found on Mozilla'official page: [[https://developer.mozilla.org/en/Security/CSP/CSP_policy_directives|CSP policy directives]] +Define your Policy as appropriate via your site's [[config|Configuration Manager]], under the //Cspheader// section.
-\\ +
-The directives and the related values can be defined in the configuration manager.+
  
 +Details for each CSP Directive can be found on [[https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy|MDN Web Docs]].
 +A direct link to each Directive's documentation is provided in the config page.
 +
 +Please note that DokuWiki (and possibly at least some plugins) require the use of inline scripts. This means you should not create policies that completely forbid their use.
 +
 +In [[devel:develonly]] you can make use of a [[https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce|NONCE]] to authorize scripts created by DokuWiki only, while still be protected from maliciously injected inline scripts. To do so, you can use the ''NONCE'' placeholder in your configuration. It will be automatically replaced by a one-time code on each request.
 +
 +Eg. the //script-src// directive might use ''nonce-NONCE'' resulting in a header ''script-src: 'nonce-1cccd1f6fb2939edd9fa9372b67017b3';'' or similar.
 ===== Development ===== ===== Development =====
  
-=== Change Log ===+=== Revision history (Github releases) === 
 + 
 +{{rss>https://github.com/dregad/dokuwiki-plugin-cspheader/releases.atom 5}} 
 + 
 +The complete [[https://github.com/dregad/dokuwiki-plugin-cspheader/releases|list of releases and change log]] is available on Github. 
 + 
 + 
 +=== Recent commits === 
 + 
 +{{rss>https://github.com/dregad/dokuwiki-plugin-cspheader/commits/master.atom 5 author date}} 
 + 
 +Full [[https://github.com/dregad/dokuwiki-plugin-cspheader/commits/master|Git log]]. 
 + 
 +=== Known Bugs and Issues === 
 + 
 +Please refer to the plugin's [[https://github.com/dregad/dokuwiki-plugin-cspheader/issues|Issue tracker on Github]].
  
-{{rss>http://github.com/lupo49/plugin-cspheader/commits/master.atom date}} 
  
 === ToDo/Wish List === === ToDo/Wish List ===
  
-  * Add support for the rest of supported directives+Requests for new features and enhancements should be filed on [[https://github.com/dregad/dokuwiki-plugin-cspheader/issues|Github]].
  
 +===== History / Credits =====
  
-===== Discussion =====+This plugin's original version was released in 2011 by **Matthias Schulte**, a.k.a lupo49. His last recorded maintenance activity on the project was in 2016, after which he stopped responding to submitted issues and pull requests.
  
 +In January 2021, Damien Regad decided to take over the plugin's maintenance, and integrate the changes he and Andi Gohr had submitted as pull requests.
  
  
  
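Review bot: In the added Configuration text, the example "resulting in a header ''script-src: 'nonce-1cccd1f6fb2939edd9fa9372b67017b3';''" presents a directive as if it were a header and puts a colon after the directive name, which is not valid CSP directive syntax. script-src is a directive inside the Content-Security-Policy header, so the example should read as that header followed by script-src 'nonce-<one-time value>'; with no colon after script-src. The same sentence shows the setting as ''nonce-NONCE'' without quotes and the result with single quotes, so state whether the administrator types the quotes or the plugin adds them. Separately, the new Description sentence "Firefox won't execute JavaScript code which is embedded in HTML documents" is Firefox-specific and unconditional, while the Configuration section says DokuWiki requires inline scripts; wording it as behaviour that depends on the configured script-src policy would remove the contradiction. Minor: "helps preventing" should be "helps prevent" and "while still be protected" should be "while still being protected".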
plugin/cspheader.1308847322.txt.gz · Last modified: 2011-06-23 18:42 by lupo49

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International