Adds a module to the admin site for easy configuration of Content Security Policy (CSP) headers for web channels.
Once installed, a new module appears in the navigation and the dashboard:
Screen for creating a new CSP configuration (on a per source url basis):
Listing shows all configurations, including which web channel they are assigned to.
| Feature | Version Added | Documentation |
|---|---|---|
| CSP Nonce Support | 2.2.0 | Nonce-Support.md |
| CSP Violation Report Support | 3.0.0 | Violation-Report-Support.md |
| User Permissions | 4.0.0 | User-Permissions.md |
| Automatic Violation Report Cleanup | 4.0.0 | Violation-Report-Cleanup.md |
| Xperience Version | Library Version |
|---|---|
| >= 30.11.0 | 5.0.0 |
| >= 30.1.3 | 4.0.0 |
| >= 29.1.4 | 2.0.0 |
| >= 28.3.0 | 1.0.0 |
Add the package to your application using the .NET CLI
dotnet add package XperienceCommunity.CSP-
Install NuGet package above.
-
Register the CSP management services using
builder.Services.AddXperienceCommunityCspManagement():// Program.cs var builder = WebApplication.CreateBuilder(args); builder.Services.AddKentico(); // ... builder.Services.AddXperienceCommunityCspManagement();
-
Register the CSP management middleware using
app.UseXperienceCommunityCspManagement():var app = builder.Build(); app.UseKentico(); // ... app.UseXperienceCommunityCspManagement();
-
That's it, launch your website and the module should be installed ready to go! Once you've configured your CSP headers, load a page on the website and check the headers in your browser console.
Feel free to submit issues or pull requests to the repository, this is a community package and everyone is welcome to support.
Distributed under the MIT License. See LICENSE.md for more information.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}