Manual:$wgCSPFalsePositiveUrls

From MediaWiki.org
Jump to: navigation, search

Other languages:
English • ‎español • ‎日本語 • ‎polski
Site customization: $wgCSPFalsePositiveUrls
Controls what URLs to ignore in upcoming Content-Security-Policy feature's reporting.
Introduced in version: 1.28.0 (Gerrit change 306765; git #d84479c4)
Removed in version: still in use
Allowed values: array
Default value:
$wgCSPFalsePositiveUrls = [
	'https://3hub.co' => true,
	'https://morepro.info' => true,
	'https://p.ato.mx' => true,
	'https://s.ato.mx' => true,
	'https://adserver.adtech.de' => true,
	'https://ums.adtechus.com' => true,
	'https://cas.criteo.com' => true,
	'https://cat.nl.eu.criteo.com' => true,
	'https://atpixel.alephd.com' => true,
	'https://rtb.metrigo.com' => true,
	'https://d5p.de17a.com' => true,
];
Other settings: Alphabetical | By function

List of urls which appear often to be triggering CSP reports but do not appear to be caused by actual content, but by client software inserting scripts (i.e. Ad-Ware). List based on results from Wikimedia logs.

A value of true for a certain URL activates it as a false-positive.

The default value is based on URLs of spam that comes into the Wikimedia log files, based on testing on elwiki.