jfd/craft-csp-report
Composer install command:
composer require jfd/craft-csp-report
Package description
Sets a Content-Security-Policy-Report-Only header, creates an action to receive CSP violation reports, and logs them to a file.
README
Sets a Content-Security-Policy-Report-Only header, creates an action to receive CSP violation reports, and logs them to a file.
Requirements
This plugin requires Craft CMS 5.9.0 or later, and PHP 8.3 or later.
How to install
- Install the composer package:
composer require jfd/craft-csp-report
- Install the plugin:
php craft plugin/install _csp-report
How to use
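Once installed, the plugin adds a Content-Security-Policy-Report-Only header to all pages. Because the header is report-only, browsers report violations but do not block the offending resources.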
Violations will be reported to /actions/_csp-report/report/log, which will log the violation to storage/csp-report/csp-report.json.
The contents of this file can be viewed at /actions/_csp-report/report/get.
Whitelisting sources
To whitelist known-good sources:
- Using the config.php file in the plugin directory as an example, create config/_csp-report.php in your Craft project.
- Add the sources you wish to whitelist using the following format:
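<?php
// config/_csp-report.php
// Keys are CSP directive names; values are the source expressions to allow.
// Keyword sources such as 'unsafe-inline' keep their single quotes inside the string.
// 'unsafe-inline' allows every inline script or style under that directive.
return [
    'allowedSources' => [
        'script-src' => ["https://cdn.example.com", "'unsafe-inline'"],
        'style-src' => ["https://fonts.googleapis.com", "'unsafe-inline'"],
        'img-src' => ["https://images.example.com", "data:"],
        'font-src' => ["https://fonts.gstatic.com"],
        'connect-src' => ["https://api.example.com"],
    ],
];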
Once done, the whitelisted sources will no longer be reported as violations.
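An added example (not the plugin's own code) showing one way to triage logged reports before editing allowedSources: it groups violations by directive and blocked origin. It assumes each entry is the standard report-uri JSON body (`{"csp-report": {...}}`) already decoded into an array; how the plugin lays entries out in csp-report.json is not stated on this page, and the function names and sample reports are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Reduce a blocked-uri to an origin usable in a CSP source list. */
function cspSourceFor(string $blockedUri): string
{
    $parts = parse_url($blockedUri);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        // Keywords such as "inline", "eval" or "data" carry no origin; keep them for manual review.
        return $blockedUri;
    }
    $origin = strtolower($parts['scheme'] . '://' . $parts['host']);
    return isset($parts['port']) ? $origin . ':' . $parts['port'] : $origin;
}

/** Count violations per directive and source, most frequent source first. */
function summarizeCspReports(array $entries): array
{
    $summary = [];
    foreach ($entries as $entry) {
        $report = is_array($entry) ? ($entry['csp-report'] ?? null) : null;
        if (!is_array($report) || !is_string($report['blocked-uri'] ?? null)) {
            continue; // report bodies are client-supplied; skip anything malformed
        }
        $raw = $report['effective-directive'] ?? $report['violated-directive'] ?? '';
        // Older browsers put the whole directive text here; keep only its name.
        $directive = is_string($raw) ? explode(' ', trim($raw))[0] : '';
        $directive = $directive !== '' ? $directive : 'unknown';
        $source = cspSourceFor($report['blocked-uri']);
        $summary[$directive][$source] = ($summary[$directive][$source] ?? 0) + 1;
    }
    foreach ($summary as &$sources) {
        arsort($sources);
    }
    unset($sources);
    return $summary;
}

// Constructed sample reports (not taken from a real log).
$sample = array_map(fn (string $json) => json_decode($json, true), [
    '{"csp-report":{"document-uri":"https://example.com/","effective-directive":"script-src-elem","blocked-uri":"https://cdn.example.net/lib.js"}}',
    '{"csp-report":{"document-uri":"https://example.com/a","violated-directive":"script-src-elem","blocked-uri":"https://CDN.example.net/other.js"}}',
    '{"csp-report":{"document-uri":"https://example.com/","effective-directive":"style-src-attr","blocked-uri":"inline"}}',
    '{"not-a-report":true}',
]);

print_r(summarizeCspReports($sample));
```

Reports often name script-src-elem, script-src-attr, style-src-elem or style-src-attr; these fall back to script-src and style-src, which are the keys the config above uses. Review each origin before allowing it, since the log records whatever browsers submit.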
How to update this package
After making your changes, tag the release:
git tag 1.0.1 # increment the release version as required
git push --tags
Statistics
- Total downloads: 466
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 0
- Clicks: 0
- Dependents: 0
- Suggesters: 0
Other information
- License: Unknown
- Last updated: 2026-02-27