Module Description
The Content-Security-Policy header allows your Drupal site to inform browsers of trusted sources for JavaScript, CSS, and other external resources. This adds a security layer to detect and mitigate the risk of Cross Site Scripting (XSS), data injection, and other vulnerabilities.
Features
* Integrates with Drupal's Libraries API to automatically generate a default site-wide policy for JavaScript and CSS
* Up-to-date with the latest CSP Level 3 Working Draft
* Policy is automatically optimized to remove duplicate directives and reduce header length
* Dispatches an event to allow other modules to alter policies for each request
* Policy Violation logging integrations:
* Reporting module
* Sentry (via Raven module)
* Report-URI.com
* For Drupal core < 10.1
* Automatically adds 'unsafe-inline' to individual requests when necessary for core libraries (core/ckeditor, core/drupal.ajax)
* The included Content Security Policy Extras module provides additional security hardening by altering core services.
Get Involved If you're interested in getting involved in module development but don't know where to start, reach out to gapple (@gappleca on Twitter).
Features
* Integrates with Drupal's Libraries API to automatically generate a default site-wide policy for JavaScript and CSS
* Up-to-date with the latest CSP Level 3 Working Draft
* Policy is automatically optimized to remove duplicate directives and reduce header length
* Dispatches an event to allow other modules to alter policies for each request
* Policy Violation logging integrations:
* Reporting module
* Sentry (via Raven module)
* Report-URI.com
* For Drupal core < 10.1
* Automatically adds 'unsafe-inline' to individual requests when necessary for core libraries (core/ckeditor, core/drupal.ajax)
* The included Content Security Policy Extras module provides additional security hardening by altering core services.
Get Involved If you're interested in getting involved in module development but don't know where to start, reach out to gapple (@gappleca on Twitter).
Module Link
Project Usage
12465
Security Covered
Covered By Security Advisory
Version Available
Production
Module Summary
The Content-Security-Policy module aims to enhance Drupal site security by implementing a policy to inform browsers of trusted sources for external resources, reducing the risk of XSS, data injection, and other vulnerabilities.
Data Name
csp