Meta CSP policy

cabana3 · December 10, 2021, 6:03am

Hi,

Can anyone share meta CSP policy settings

awesomerobot · December 10, 2021, 2:52pm

We have CSP enabled on Meta, and recommend everyone keeps it enabled on their own sites! It provides a good layer of protection against exploits. Content Security Policy (CSP) - HTTP | MDN

Jagster · December 10, 2021, 4:59pm

I’ll translate that We don’t have too many settings of CSP to share. Only on or off…

It is other systems where system admins can easily adjust CSP. Discourse is not one of those.

(Off topic, but CSP is strongly overrated, because there must use so many settings that actually allow too many things weekening CSP. And in global sites google ads and CSP is pain in the tender places…)

Falco · December 10, 2021, 5:07pm

You can add new domains to the script src CSP policy in site settings, which is the main use case for our users.

Plugins can extend any other CSP directives.

Jagster · December 11, 2021, 9:20am

Good to know I/we can override default with full scale CSP. Everyday something new

system · January 10, 2022, 9:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Content-Security-Policy now uses 'strict-dynamic' Announcements	13	1142	September 2, 2024
Add CSP sources to the plugin Support advertising	7	2368	March 23, 2020
Mitigate XSS Attacks with Content Security Policy Site Management how-to , content-security-policy	32	23439	June 13, 2023
Can I add a snippet to the header? Support	5	787	February 7, 2023
Need help with the content security policy Support	4	708	June 15, 2020

Meta CSP policy

Related topics