MediaWiki configuration setting: $wgCSPHeader
Controls the Content-Security-Policy header [Experimental]
Allowed values: (boolean or array)

If an array, can have parameters:

  • 'default-src' If true or an array (of additional URLs), will set a default-src directive, which limits where resources can be loaded from. If false or not set, will send a default-src directive allowing all sources.
  • 'includeCORS' If true or not set, will include URLs from $wgCrossSiteAJAXdomains as allowed load sources.
  • 'unsafeFallback' Add unsafe-inline as a script source, as a fallback for browsers that do not understand nonce-sources [default on].
  • 'useNonces' Require nonces on all inline scripts. If disabled and 'unsafeFallback' is on, then all inline scripts will be allowed [default true].
  • 'script-src' Array of additional sources from which JS is allowed to be loaded.
  • 'report-uri' true to use the MW API [default], false to disable, or a string for an alternate URI.

Warning: May cause slowness on Windows due to a slow random number generator.
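
An added example, not taken from the MediaWiki manual: a LocalSettings.php fragment that sets the parameters listed above, with a permissive combination shown in comments beside a stricter one. The hostnames are constructed placeholders.

```php
<?php
// LocalSettings.php fragment (added example; hostnames are constructed placeholders).

// Permissive combination, shown only for contrast. Per the parameter list,
// with 'useNonces' disabled and 'unsafeFallback' on, all inline scripts are
// allowed, so the policy does not restrict injected inline script:
//
// $wgCSPHeader = [
//     'useNonces'      => false,
//     'unsafeFallback' => true,
// ];

// Stricter combination using only the parameters documented above.
$wgCSPHeader = [
    // Set a default-src directive and allow one additional origin.
    'default-src' => [ 'https://static.example.org' ],
    // Do not add $wgCrossSiteAJAXdomains entries as allowed load sources.
    'includeCORS' => false,
    // Require a nonce on every inline script.
    'useNonces' => true,
    // Do not add unsafe-inline as a script source fallback. Browsers that
    // do not understand nonce-sources will then block inline scripts.
    'unsafeFallback' => false,
    // Additional origin allowed to serve JS.
    'script-src' => [ 'https://scripts.example.org' ],
    // Report violations through the MediaWiki API (the default).
    'report-uri' => true,
];
```

Because the setting is marked experimental, inspect the Content-Security-Policy header the wiki actually sends after changing it, and watch the violation reports before relying on the policy.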