Hi,
Can anyone share meta CSP policy settings
Hi,
Can anyone share meta CSP policy settings
We have CSP enabled on Meta, and recommend everyone keeps it enabled on their own sites! It provides a good layer of protection against exploits. Content Security Policy (CSP) - HTTP | MDN
I’ll translate that We don’t have too many settings of CSP to share. Only on or off…
It is other systems where system admins can easily adjust CSP. Discourse is not one of those.
(Off topic, but CSP is strongly overrated, because there must use so many settings that actually allow too many things weekening CSP. And in global sites google ads and CSP is pain in the tender places…)
You can add new domains to the script src
CSP policy in site settings, which is the main use case for our users.
Plugins can extend any other CSP directives.
Good to know I/we can override default with full scale CSP. Everyday something new
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.