ZenphotoCMS Forum
No Csp - Printable Version




No Csp - ctdlg - 25-11-2024

Hello,

Lighthouse gives me a warning:
No CSP found in compliance mode.

Should I add
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self';"

in my .htaccess file?




No Csp - acrylian - 25-11-2024

There is an http_security_header plugin included with which you can set such headers.




No Csp - ctdlg - 26-11-2024

This http_security_header plugin seems really great. I do not know why I have not tried it before.
I will read the 22 pages (plugin links) to fully understand how to use it.
Thank you acrylian.




No Csp - acrylian - 26-11-2024

In practice you mostly need a few things. A lot of what it provides is rather advanced to set up and can even cause problems on your site if set wrong.




No Csp - ctdlg - 26-11-2024

What settings would you suggest?
Zenphoto users could also be interested.
You could add your suggestions in your online manual pages!




No Csp - acrylian - 27-11-2024

On our own site we only have Content Security Policy, XSS-Protection and Referrer Policy = Same Origin enabled.

I really cannot recommend any standard setting as this is not ZP specific and depends. As you noticed there are docs linked for more info.
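
Added example (not part of the thread and not Zenphoto or plugin code): a simplified Python check of what the policy quoted in the first post would refuse to load, which shows why a setting that is wrong for a given site can break it. The site origin and the sample resources are constructed assumptions; only `'self'`, `'unsafe-inline'`, scheme sources and exact `scheme://host` sources are modelled (no nonces, hashes or wildcards).

```python
from urllib.parse import urlsplit

# Policy string copied from the first post in the thread.
POLICY = "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self';"
PAGE = "https://gallery.example/"  # constructed site origin (assumption)

# Constructed sample resources: (label, directive the browser consults, URL or "inline").
RESOURCES = [
    ("theme stylesheet", "style-src", "https://gallery.example/themes/basic/style.css"),
    ("inline <script> block", "script-src", "inline"),
    ("web font from a CDN", "font-src", "https://cdn.example/fonts/body.woff2"),
    ("data: URI thumbnail", "img-src", "data:image/png;base64,AAAA"),
]

def parse_csp(policy):
    """Split a CSP header value into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def origin(url):
    parts = urlsplit(url)
    return parts.scheme.lower(), parts.netloc.lower()

def allowed(policy, directive, resource, page_url=PAGE):
    """Simplified CSP check for one resource under one fetch directive."""
    csp = parse_csp(policy)
    sources = csp.get(directive, csp.get("default-src"))  # fallback to default-src
    if sources is None:
        return True  # no applicable directive, so nothing is restricted
    if resource == "inline":
        return "'unsafe-inline'" in sources
    target = origin(resource)
    for src in sources:
        if src == "'self'" and target == origin(page_url):
            return True
        if src.endswith(":") and src[:-1].lower() == target[0]:  # scheme source
            return True
        if "://" in src and origin(src) == target:  # exact scheme://host source
            return True
    return False

def blocked(policy, resources=RESOURCES):
    """Return the labels of the resources the policy would refuse to load."""
    return [label for label, directive, res in resources
            if not allowed(policy, directive, res)]
```

Browsers also accept the same policy value under the `Content-Security-Policy-Report-Only` header, which reports violations without blocking anything, so a policy can be trialled before it is enforced.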