Skip to content

bestpractical/rt-extension-csp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
html
html
 
 
inc
inc
 
 
lib/RT/Extension
lib/RT/Extension
 
 
.gitignore
.gitignore
 
 
Changes
Changes
 
 
META.yml
META.yml
 
 
Makefile.PL
Makefile.PL
 
 
README
README
 
 

Repository files navigation

NAME
    RT-Extension-CSP - View Content Security Policy Reports

DESCRIPTION
    This extension helps test with and view Content Security Policy Reports
    for various CSP settings.

RT VERSION
    Works with RT 5.0.6

INSTALLATION
    perl Makefile.PL
    make
    make install
        May need root permissions

    Edit your /opt/rt4/etc/RT_SiteConfig.pm
        Add this line:

            Plugin('RT::Extension::CSP');

    Clear your mason cache
            rm -rf /opt/rt5/var/mason_data/obj

    Restart your webserver

CONFIGURATION
    Use the following to set the CSP you want to test with.

  $CSPReportURI
    By default, this is set to /NoAuth/CSP-Report.html, which is provided
    with this extension. This endpoint will accept the POSTed CSP reports
    sent by the browser and print them to your log at the debug level.

    You can set a different value if you have a custom alternate endpoint to
    send these reports to.

        Set($CSPReportURI, '/my/custom/csp-report');

    Note that this may not work in all browsers. Reports have been confirmed
    with Firefox on Mac.

    If you don't see CSP information in your RT logs, you can still set the
    headers below and use the browser console to see CSP notices.

  $CSPDirective
    The directive for the Content-Security-Policy header.

    By default, this is not set.

    Setting a value may cause RT to stop working as expected. This is
    provided as a tool to help with testing.

        Set($CSPDirective, "default-src 'none';");

    See Content Security Policy
    <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Secur
    ity-Policy> for values.

  <$CSPReportDirective>
    The directive for the Content-Security-Policy-Report-Only header.

    This will cause the browser to report CSP issues, but still render the
    page as normal.

    By default, it uses the most restrictive default-src 'none';.

    Provide only the CSP rules, including semicolons. Do not provide the
    report-to part. That is added automatically based on the $CSPReportURI.

        Set($CSPReportDirective, "default-src 'none';");

AUTHOR
    Best Practical Solutions, LLC <[email protected]>

    All bugs should be reported via email to
        [email protected]
    or via the web at
        http://rt.cpan.org/Public/Dist/Display.html?Name=RT-Extension-CSP
LICENSE AND COPYRIGHT
    This software is Copyright (c) 2024 by Best Practical Solutions, LLC

    This is free software, licensed under:

      The GNU General Public License, Version 2, June 1991

About

metacpan.org/release/rt-extension-csp

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages