• Resolved mattmary

    (@mattmary)


    Hi there,

    It’s quite strange, but I don’t have any CSP set in the headers when I’m not logged in.
    I have some in the admin and when I’m logged in.
    For the three cases I’m in enforce mode.
    Any help would be appreciated

    Mat

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter mattmary

    (@mattmary)

    The problem was that there was a line feed in one of my directives, and it makes the header fail. Maybe a str_replace when saving could avoid these errors.

    Plugin Author Patrick Sletvold

    (@16patsle)

    Hi, and sorry for not responding earlier. Happy to see you figured it out.

    You are indeed right that a str_replace should fix it; it was simply an oversight on my part not to consider that the chosen header could include newlines. Thanks for pointing it out!

    There are probably other characters that can affect the output too, so I’ll have a close look at the specification for how the header is parsed by browsers. Should be included in the next update, I hope.

    Best regards,
    Patrick Sletvold
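
One way to do the clean-up discussed in this thread, as an added example that is not the plugin's own code: each saved directive value is collapsed to a single line before the header is built. The function names, the array layout and the sample values are assumptions made for illustration.

```php
<?php
// Added example; function names and sample data are hypothetical.

/** Collapse one saved directive value to a single header-safe line. */
function csp_clean_value(string $value): string
{
    // CR, LF, tab and every other control character become a space, so a
    // value pasted over several lines is still sent as one header line.
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
    // ";" ends a directive and "," ends a policy, so neither may stay inside
    // a value. This example drops them instead of percent-encoding them.
    $value = str_replace([';', ','], ' ', $value);
    // Collapse the runs of spaces left behind by the replacements.
    return trim(preg_replace('/ {2,}/', ' ', $value));
}

/** Build the header line from [directive name => raw saved value]. */
function csp_build_header(array $directives, bool $enforce = true): string
{
    $parts = [];
    foreach ($directives as $name => $raw) {
        $name = strtolower(trim((string) $name));
        // Directive names are letters, digits and hyphens; skip anything else.
        if (!preg_match('/^[a-z0-9-]+$/', $name)) {
            continue;
        }
        $value   = csp_clean_value((string) $raw);
        $parts[] = $value === '' ? $name : "$name $value";
    }
    $field = $enforce ? 'Content-Security-Policy' : 'Content-Security-Policy-Report-Only';
    return $field . ': ' . implode('; ', $parts);
}

// Constructed sample: the script-src value was saved with a line feed in it.
$saved = [
    'default-src' => "'self'",
    'script-src'  => "'self'\nhttps://cdn.example.com\r\n",
    'upgrade-insecure-requests' => '',
];

$line = csp_build_header($saved);
if (PHP_SAPI === 'cli') {
    echo $line, PHP_EOL;   // inspect the result from the command line
} elseif (!headers_sent()) {
    header($line);         // header() rejects any string that still contains a newline
}
```

Cleaning at output time as well as on save also covers values that were stored before the save-time fix existed.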

  • The topic ‘no CSP for unlogged visitors’ is closed to new replies.