Manual:Hooks/ContentSecurityPolicyDefaultSource

From MediaWiki.org
Jump to navigation Jump to search
ContentSecurityPolicyDefaultSource
Available from version 1.32.0
Modify the allowed CSP load sources. This affects all directives except for the script directive.
Define function:
public static function onContentSecurityPolicyDefaultSource( array &$defaultSrc, array $policyConfig, int $mode ) { ... }
Attach hook:

In extension.json:

{
	"Hooks": {
		"ContentSecurityPolicyDefaultSource": "MyExtensionHooks::onContentSecurityPolicyDefaultSource"
	}
}

For MediaWiki ≤1.25:

$wgHooks['ContentSecurityPolicyDefaultSource'][] = 'MyExtensionHooks::onContentSecurityPolicyDefaultSource';
Called from:File(s): ContentSecurityPolicy.php

For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:ContentSecurityPolicyDefaultSource extensions.

If you want to add a script source, see the ContentSecurityPolicyScriptSource hook.

Details[edit]

  • &$defaultSrc: Array of Content-Security-Policy allowed sources
  • $policyConfig: Current configuration for the Content-Security-Policy header
  • $mode: ContentSecurityPolicy::REPORT_ONLY_MODE or ContentSecurityPolicy::FULL_MODE depending on type of header