Classes
\Silverstripe\CSP
Name | Description | |
---|---|---|
CSPMiddleware | No description available | EMPTY |
ClearSRITask | No description available | EMPTY |
Directive | No description available | EMPTY |
Keyword | No description available | EMPTY |
NonceGenerator | This generates the nonce's, you can implement your own version otherwise by default we're using the random string implementation | EMPTY |
RandomString | No description available | EMPTY |
Scheme | No description available | EMPTY |
Value | No description available | EMPTY |
\Silverstripe\CSP\Fragments
Name | Description | |
---|---|---|
GoogleMaps | No description available | EMPTY |
GoogleTagManager | https://developers.google.com/tag-manager/web/csp | EMPTY |
Hotjar | https://help.hotjar.com/hc/en-us/articles/115011640307-Content-Security-Policies | EMPTY |
ImagesOverHTTPs | Quite often it's hard to know all image sources that are safe, therefore we can opt to go for HTTPs only images and make the assumption that this kind of attack would not have a large impact on our sites | EMPTY |
Recaptcha | Googles Recaptcha https://developers.google.com/recaptcha/docs/faq#im-using-content-security-policy-csp-on-my-website.-how-can-i-configure-it-to-work-with-recaptcha | EMPTY |
Swiftype | This is swiftype currently with the expectation that images are loaded over HTTPs and enabled via | EMPTY |
Docs for this one are super average so will take some trial and error: https://business.twitter.com/en/help/campaign-measurement-and-analytics/conversion-tracking-for-websites.html | EMPTY | |
Vimeo | This allows you to have a vimeo video embeded on the site | EMPTY |
YouTube | This allows you to have a youtube video embeded on the site | EMPTY |
\Silverstripe\CSP\Policies
Name | Description | |
---|---|---|
Basic | No description available | EMPTY |
CMS | No description available | EMPTY |
Policy | No description available | EMPTY |
\Silverstripe\CSP\Requirements
Name | Description | |
---|---|---|
CSPBackend | insertHeadTags is not currently supported, ideally you should not use that method as it's clunky and doesn't provide a clear method for checking for script/style dom nodes | EMPTY |
DevBuildExtension | No description available | EMPTY |
SRIRecord | No description available | EMPTY |
\Silverstripe\CSP\Tests
Name | Description | |
---|---|---|
DirectiveTest | No description available | EMPTY |
NonceTest | No description available | EMPTY |
SRITest | No description available | EMPTY |
TemplateTest | No description available | EMPTY |