NelmioSecurityBundle icon indicating copy to clipboard operation
NelmioSecurityBundle copied to clipboard
verified publisher icon nelmio

[Feature request] Per-page CSP configuration

Open stof opened this issue 6 years ago • 3 comments

The clickjacking protection supports applying a different configuration for different paths. It would be great if CSP could do it as well.

See https://github.blog/2016-04-12-githubs-csp-journey/#connect-src which describes a use case that Github has for this (which is also what gave me the idea to request it here. My own CSP journey is not yet at the point where I would need it, but it might come).

stof avatar Jun 07 '19 15:06 stof

We have another example: Sonata Admin uses inline JS. Enabling this for the whole site would be really irresponsible.

kiler129 avatar Jul 03 '19 16:07 kiler129

Another example would be allowing data: in img-src and unsafe-inline in style-src for googlemaps api. I dont need the api on every page

alxndrbauer avatar Oct 11 '19 10:10 alxndrbauer