Content Security Policy (CSP) for XenForo 2.2

JasonBrody

Active member
Hi Everyone !

Though there're several thread on this, but I couldn't figure out any appropriate one for latest XF 2.2 release .

So, could anyone provide information on how to configure CSP with latest XF ? (for additional info: I'm using cloudflare & adsense) .
 
Hi Everyone !

Though there're several thread on this, but I couldn't figure out any appropriate one for latest XF 2.2 release .

So, could anyone provide information on how to configure CSP with latest XF ? (for additional info: I'm using cloudflare & adsense) .
Since we don't use CF, I can't comment on that. For CSP in general, that was my first point of contact...


The CSP can be issued in Report Only mode using the Content-Security-Policy-Report-Only header instead. This means the browser will not enforce the policy, preventing it form breaking your site during testing, but you can see any violations or errors the policy would have created in the console. You can also use the report-uri directive to have the browser send you reports when violations occur. This is a great way to get feedback from your policy once it's out in the wild and you can read more details on how to implement that here: CSP and HPKP violation reporting with report-uri.io
 
Last edited:
Back
Top Bottom