Manual:Hooks/ContentSecurityPolicyScriptSource

From MediaWiki.org
Jump to navigation Jump to search
ContentSecurityPolicyScriptSource
Available from version 1.32.0
Modify the allowed CSP script sources.
Define function:
public static function onContentSecurityPolicyScriptSource( array &scriptSrc, array $policyConfig, int $mode ) { ... }
Attach hook:

In extension.json:

{
	"Hooks": {
		"ContentSecurityPolicyScriptSource": "MyExtensionHooks::onContentSecurityPolicyScriptSource"
	}
}

For MediaWiki ≤1.25:

$wgHooks['ContentSecurityPolicyScriptSource'][] = 'MyExtensionHooks::onContentSecurityPolicyScriptSource';
Called from:File(s): ContentSecurityPolicy.php

For more information about attaching hooks, see Manual:Hooks.
For examples of extensions using this hook, see Category:ContentSecurityPolicyScriptSource extensions.

Note that you also have to use ContentSecurityPolicyDefaultSource if you want non-script sources to be loaded from whatever you add.

Details[edit]

  • &$scriptSrc: Array of Content-Security-Policy directives
  • $policyConfig: Current configuration for the Content-Security-Policy header
  • $mode: ContentSecurityPolicy::REPORT_ONLY_MODE or ContentSecurityPolicy::FULL_MODE depending on type of header