Manual:Hooks/ContentSecurityPolicyDefaultSource
Jump to navigation
Jump to search
ContentSecurityPolicyDefaultSource | |
---|---|
Available from version 1.32.0 Modify the allowed CSP load sources. This affects all directives except for the script directive. |
|
Define function: |
public static function onContentSecurityPolicyDefaultSource( array &$defaultSrc, array $policyConfig, int $mode ) { ... }
|
Attach hook: |
In extension.json: {
"Hooks": {
"ContentSecurityPolicyDefaultSource": "MyExtensionHooks::onContentSecurityPolicyDefaultSource"
}
}
For MediaWiki ≤1.25: $wgHooks['ContentSecurityPolicyDefaultSource'][] = 'MyExtensionHooks::onContentSecurityPolicyDefaultSource';
|
Called from: | File(s): ContentSecurityPolicy.php |
For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:ContentSecurityPolicyDefaultSource extensions.
If you want to add a script source, see the ContentSecurityPolicyScriptSource
hook.
Details[edit]
&$defaultSrc
: Array ofContent-Security-Policy
allowed sources$policyConfig
: Current configuration for theContent-Security-Policy
header$mode
:ContentSecurityPolicy::REPORT_ONLY_MODE
orContentSecurityPolicy::FULL_MODE
depending on type of header