Open main menu


This page is a translated version of the page Manual:$wgCSPHeader and the translation is 75% complete.

Other languages:
English • ‎dansk • ‎magyar • ‎polski • ‎日本語
MediaWiki-beállítások: $wgCSPHeader
A Content-Security-Policy-fejlécet állítja be [kísérleti]
Megengedett értékek:(boolean or array)
Alapértelmezett érték:false

If an array, can have parameters:

  • 'default-src' If true or array (of additional urls) will set a default-src directive, which limits what places things can load from. If false or not set, will send a default-src directive allowing all sources.
  • 'includeCORS' If true or not set, will include urls from $wgCrossSiteAJAXdomains as an allowed load sources.
  • 'unsafeFallback' Add unsafe-inline as a script source, as a fallback for browsers that do not understand nonce-sources [default on].
  • 'useNonces' Require nonces on all inline scripts. If disabled and 'unsafeFallback' is on, then all inline scripts will be allowed [default true].
  • 'script-src' Array of additional places that are allowed to have JS be loaded from.
  • 'report-uri' true to use MW api [default], false to disable, string for alternate uri

Warning: May cause slowness on windows due to slow random number generator.

Lásd még