Content Security Policy: Options: Difference between revisions
From Joomla! Documentation
Marked this version for translation |
No edit summary |
||
| Line 110: | Line 110: | ||
<translate> | <translate> | ||
<!--T:37--> | <!--T:37--> | ||
* To review the collected reports please see: [[ | * To review the collected reports please see: [[Help40:Components_CSP_Reports/en|Components CSP Reports]] | ||
* More details on HTTP Header Tools in 4.x: [[S:MyLanguage/J4.x:Http_Header_Management|Http Header Management]] | * More details on HTTP Header Tools in 4.x: [[S:MyLanguage/J4.x:Http_Header_Management|Http Header Management]] | ||
* Please note that this Component requires the Plugin '''System - HTTP Headers''' (plg_system_httpheaders) to be enabeld.</translate> | * Please note that this Component requires the Plugin '''System - HTTP Headers''' (plg_system_httpheaders) to be enabeld.</translate> | ||
{{Cathelp|4.0|Components Help Screens}} | {{Cathelp|4.0|Components Help Screens}} | ||
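Review bot: the last bullet of this block still reads "to be enabeld" on both sides of the diff. Since this revision already touches the block to complete the `[[Help40:Components_CSP_Reports/en|Components CSP Reports]]` link, the spelling should be corrected to "enabled" in the same edit so the typo does not get carried into the translations.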
Revision as of 11:13, 6 August 2020
Overview
Used to set up the Content-Security-Policy on a Joomla! website.
How to Access
- Click the System entry in the left menu to open the System Dashboard.
- Select Content-Security-Policy from the Manage section.
- Click the Options button.
Description
The Content-Security-Policy Options overview is used to set up the Content-Security-Policy on a Joomla! website.
Details and Options
Content-Security-Policy (CSP)
These options control the Content-Security-Policy.
- Content Security Policy (CSP). (Enabled/Disabled) Whether to Enable or Disable the Content-Security-Policy.
- Mode. (Custom/Detect/Automatic) Sets the mode in which the plugin generates the Content-Security-Policy. The Custom mode allows manual configuration. The Detect mode enables the report collection, and the Automatic mode uses the collected reports to generate the Content-Security-Policy.
- Report-Only. (Enabled/Disabled) Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'.
- Nonce. (Enabled/Disabled) Enable the whitelist for specific inline scripts using a cryptographic nonce (number used once) for all scripts and styles using the Joomla API. Specifying a nonce makes a modern browser ignore 'unsafe-inline', which should still be set for older browsers without nonce support.
- Script hashes. (Enabled/Disabled) Enable the optional hash-based whitelist for inline scripts, using a cryptographic hash for all scripts using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline', which should still be set for older browsers without hash support.
- Style hashes. (Enabled/Disabled) Enable the optional hash-based whitelist for inline styles, using a cryptographic hash for all styles using the Joomla API. Specifying hashes makes a modern browser ignore 'unsafe-inline', which should still be set for older browsers without hash support.
- frame-ancestors 'self'. (Enabled/Disabled) Enable the CSP clickjacking protection frame-ancestors and only allow the origin 'self'. Please use the form below to allow origins other than 'self'.
- Add Directive. (Subform) You can use this subform to add as many entries as you want for the Content-Security-Policy by setting the Policy Directive, Value and Client.
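How the Report-Only, Nonce, Script hashes, Style hashes, frame-ancestors 'self' and Add Directive options combine into one response header, as an added Python illustration (not Joomla's or the plugin's own code). The function names, the `default-src 'self'` baseline, the `legacy_fallback` switch and the sample values are assumptions made for this example.

```python
import base64
import hashlib
import secrets

def hash_source(inline_code):
    """CSP hash source for the exact text between the <script> or <style> tags."""
    digest = hashlib.sha256(inline_code.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def new_nonce():
    """128-bit random nonce; generate a fresh one for every response."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")

def build_csp(report_only=False, nonce=None, inline_scripts=(), inline_styles=(),
              frame_ancestors_self=False, extra=None, legacy_fallback=True):
    """Return (header name, header value) for the given option set."""
    sources = {"script-src": ["'self'"], "style-src": ["'self'"]}
    if nonce:  # "Nonce" option: the same nonce is offered for scripts and styles
        for values in sources.values():
            values.append(f"'nonce-{nonce}'")
    sources["script-src"] += [hash_source(s) for s in inline_scripts]
    sources["style-src"] += [hash_source(s) for s in inline_styles]
    if legacy_fallback:
        # Browsers that understand nonces/hashes ignore 'unsafe-inline' when one
        # is present; older browsers fall back to it. Only add it alongside them.
        for values in sources.values():
            if len(values) > 1:
                values.append("'unsafe-inline'")
    directives = {"default-src": ["'self'"], **sources}  # baseline is an assumption
    if frame_ancestors_self:
        directives["frame-ancestors"] = ["'self'"]
    for name, values in (extra or {}).items():  # "Add Directive" subform entries
        directives.setdefault(name, []).extend(values)
    header = ("Content-Security-Policy-Report-Only" if report_only
              else "Content-Security-Policy")
    return header, "; ".join(f"{d} {' '.join(v)}" for d, v in directives.items())

if __name__ == "__main__":
    SAMPLE_SCRIPT = "console.log('constructed sample');"  # constructed input
    name, value = build_csp(report_only=True, nonce=new_nonce(),
                            inline_scripts=[SAMPLE_SCRIPT], frame_ancestors_self=True,
                            extra={"frame-ancestors": ["https://partner.example"]})
    print(f"{name}: {value}")
```

The hash covers the inline text byte for byte, so any change to the script or style, including whitespace, requires a new hash.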
Permissions
This section lets you set up the default ACL permissions for the Content-Security-Policy Component. To change the permissions for this extension, do the following.
- Select the Group by clicking its title located on the left.
- Find the desired Action. Possible Actions are:
  - Configure ACL & Options. Users can edit the options and permissions of this extension.
  - Configure Options Only. Users can edit the options except the permissions of this extension.
  - Access Administration Interface. Users can access the user administration interface of this extension.
  - Create: Users can create content of this extension.
  - Delete: Users can delete content of this extension.
  - Edit: Users can edit content of this extension.
  - Edit State: Users can change the published state and related information for content of this extension.
  - Edit Own: Users can edit their own created content of this extension.
- Select the desired permission for the action you wish to change. Possible settings are:
  - Inherited: Inherited for users in this Group from the Global Configuration permissions of this extension.
  - Allowed: Allowed for users in this Group. Note that, if this action is Denied at one of the higher levels, the Allowed permission here will not take effect. A Denied setting cannot be overridden.
  - Denied: Denied for users in this Group.
- Click Save in the Toolbar at the top. When the screen refreshes, the Calculated Setting column will show the effective permission for this Group and Action.
Toolbar
At the top left of the Content-Security-Policy Options window you will see the toolbar. The functions are:
- Save. Saves the Content-Security-Policy options and stays in the current screen.
- Save & Close. Saves the Content-Security-Policy options and closes the current screen.
- Cancel. Closes the current screen and returns to the previous screen without saving any modifications you may have made.
- Help. Opens this help screen.
Quick Tips
- By default the Content-Security-Policy is disabled and has to be enabled and configured.
Related Information
- To review the collected reports please see: Components CSP Reports
- More details on HTTP Header Tools in 4.x: Http Header Management
- Please note that this Component requires the Plugin System - HTTP Headers (plg_system_httpheaders) to be enabled.