
Enable strict CSP headers

Open bibips opened this issue 9 months ago • 1 comments

Hi,

Security is paramount on an ecommerce site, so this new theme must be built in such a way as to enable CSP headers. To allow a strict policy for CSP headers to be set, the theme must follow some rules, like no JavaScript outside JS files or CSS outside CSS files.

Currently the theme still contains inline styles: https://github.com/search?q=repo%3APrestaShop%2Fhummingbird%20style%3D%22&type=code. Inline styles should be replaced by classes.

bibips, Mar 05 '25 13:03

@bibips replacing inline style by class would remove the capability to customize it

PrestaShop is a CMS so it has to be customizable.

> To allow a strict policy for CSP headers to be set, the theme must follow some rules, like no JavaScript outside JS files or CSS outside CSS files.

I don't understand why you say this. It is possible to implement a strict policy for CSP headers with inline styling.

Inline JavaScript is a different story. But inline CSS?

matks, Mar 05 '25 14:03

Hi,

I’m closing this issue as it’s out of context for Hummingbird CSS.

tblivet, Nov 10 '25 17:11
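
As an added example (not part of the thread or of the Hummingbird code base), this Node.js check maps the inline constructs discussed above to the CSP directive that governs each one: `style-src-attr` and `style-src-elem` for inline CSS, `script-src-attr` and `script-src-elem` for inline JavaScript. The function names, the file name and the sample markup are constructed for illustration.

```javascript
// Added example. Maps inline constructs in template markup to the CSP
// directive that governs each one. Regex-based, so treat hits as leads.
const RULES = [
  { directive: 'style-src-attr', kind: 'style attribute',
    re: /<[a-z][^>]*?\sstyle\s*=\s*["']/gi },
  { directive: 'style-src-elem', kind: '<style> block',
    re: /<style\b[^>]*>/gi },
  { directive: 'script-src-attr', kind: 'event handler attribute',
    re: /<[a-z][^>]*?\son[a-z]+\s*=\s*["']/gi },
  // <script> without src= is inline; external scripts are not reported.
  { directive: 'script-src-elem', kind: 'inline <script> block',
    re: /<script\b(?![^>]*\ssrc\s*=)[^>]*>/gi },
];

// Returns [{ file, line, directive, kind }] sorted by line number.
function auditTemplate(file, source) {
  const findings = [];
  for (const { directive, kind, re } of RULES) {
    for (const m of source.matchAll(re)) {
      // Line of the tag's opening "<", counted from 1.
      const line = source.slice(0, m.index).split('\n').length;
      findings.push({ file, line, directive, kind });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Directives whose policy would have to permit inline content
// for this markup to keep working.
function directivesToRelax(findings) {
  return [...new Set(findings.map((f) => f.directive))].sort();
}

// Constructed sample markup (hypothetical template, not from the theme).
const SAMPLE = [
  '<div class="banner" style="background:#fff">',
  '  <button onclick="track()">Buy</button>',
  '</div>',
  '<script src="/themes/demo/theme.js"></script>',
  '<script>window.cfg = {};</script>',
  '<p style="margin:0">ok</p>',
].join('\n');

const findings = auditTemplate('sample.tpl', SAMPLE);
for (const f of findings) {
  console.log(`${f.file}:${f.line} ${f.directive} (${f.kind})`);
}
console.log('directives affected:', directivesToRelax(findings).join(', '));
```

Because style attributes and script constructs fall under different directives, the report shows separately how much of each kind a policy would have to account for.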