承接 jfd/craft-csp-report 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

jfd/craft-csp-report

Composer 安装命令:

composer require jfd/craft-csp-report

包简介

Sets a Content-Security-Policy-Report-Only header, creates an action to receive CSP violation reports, and logs them to a file.

README 文档

README

Sets a Content-Security-Policy-Report-Only header, creates an action to receive CSP violation reports, and logs them to a file.

Requirements

This plugin requires Craft CMS 5.9.0 or later, and PHP 8.3 or later.

How to install

  1. Install the composer package:
composer require jfd/craft-csp-report
  1. Install the plugin:
php craft plugin/install _csp-report

How to use

Once installed, the plugin will add a Content-Security-Policy-Report-Only header to all pages.

Violations will be reported to /actions/_csp-report/report/log, which will log the violation to storage/csp-report/csp-report.json.

The contents of this file can be viewed at /actions/_csp-report/report/get.

Whitelisting sources

To whitelist known-good sources:

  1. Using the config.php file in the plugin directory as an example, create config/_csp-report.php in your Craft project.

  2. Add the sources you wish to whitelist using the following format:

return [
    'allowedSources' => [
        'script-src' => ["https://cdn.example.com", "'unsafe-inline'"],
        'style-src'  => ["https://fonts.googleapis.com", "'unsafe-inline'"],
        'img-src'    => ["https://images.example.com", "data:"],
        'font-src'   => ["https://fonts.gstatic.com"],
        'connect-src' => ["https://api.example.com"],
    ],
];

Once done, the whitelisted sources will no longer be reported as violations.

How to update this package

After making your changes, tag the release:

git tag 1.0.1 # increment the release version as required
git push --tags

统计信息

  • 总下载量: 466
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 0
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: Unknown
  • 更新时间: 2026-02-27

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固