Manual:Hooks/ContentSecurityPolicyDefaultSource
| ContentSecurityPolicyDefaultSource | |
|---|---|
| Available from version 1.32.0 Modify the allowed CSP load sources. This affects all directives except for the script directive. | |
| Define function: | public static function onContentSecurityPolicyDefaultSource( array &$defaultSrc, array $policyConfig, int $mode ) { ... }
|
| Attach hook: | In extension.json:
{
"Hooks": {
"ContentSecurityPolicyDefaultSource": "MediaWiki\\Extension\\MyExtension\\Hooks::onContentSecurityPolicyDefaultSource"
}
}
|
| Called from: | File(s): Request/ContentSecurityPolicy.php |
| Interface: | ContentSecurityPolicyDefaultSourceHook.php |
For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:ContentSecurityPolicyDefaultSource extensions.
If you want to add a script source, see the ContentSecurityPolicyScriptSource hook.
Details
[edit]&$defaultSrc: Array ofContent-Security-Policyallowed sources$policyConfig: Current configuration for theContent-Security-Policyheader$mode:ContentSecurityPolicy::REPORT_ONLY_MODEorContentSecurityPolicy::FULL_MODEdepending on type of header