Jump to content

Manual:$wgCSPFalsePositiveUrls

From mediawiki.org
Security: $wgCSPFalsePositiveUrls
Controls what URLs to ignore in upcoming Content-Security-Policy feature's reporting.
Introduced in version:1.28.0 (Gerrit change 306765; git #d84479c4)
Removed in version:Still in use
Allowed values:(array)
Default value:See below

List of urls which appear often to be triggering CSP reports but do not appear to be caused by actual content, but by client software inserting scripts (i.e. Ad-Ware). List based on results from Wikimedia logs.

A value of true for a certain URL activates it as a false-positive.

The default value is based on URLs of spam that comes into the Wikimedia log files, based on testing on elwiki.

Default value

[edit]
MediaWiki version:
1.33
$wgCSPFalsePositiveUrls = [
	'https://3hub.co' => true,
	'https://morepro.info' => true,
	'https://p.ato.mx' => true,
	'https://s.ato.mx' => true,
	'https://adserver.adtech.de' => true,
	'https://ums.adtechus.com' => true,
	'https://cas.criteo.com' => true,
	'https://cat.nl.eu.criteo.com' => true,
	'https://atpixel.alephd.com' => true,
	'https://rtb.metrigo.com' => true,
	'https://d5p.de17a.com' => true,
	'https://ad.lkqd.net/vpaid/vpaid.js' => true, // 1.29+
	'https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0' => true, // 1.33+
	'https://t.lkqd.net/t' => true, // 1.33+
	'chrome-extension' => true, // 1.33+
];
MediaWiki versions:
1.29 – 1.32
$wgCSPFalsePositiveUrls = [
	'https://3hub.co' => true,
	'https://morepro.info' => true,
	'https://p.ato.mx' => true,
	'https://s.ato.mx' => true,
	'https://adserver.adtech.de' => true,
	'https://ums.adtechus.com' => true,
	'https://cas.criteo.com' => true,
	'https://cat.nl.eu.criteo.com' => true,
	'https://atpixel.alephd.com' => true,
	'https://rtb.metrigo.com' => true,
	'https://d5p.de17a.com' => true,
	'https://ad.lkqd.net/vpaid/vpaid.js' => true, // 1.29+
];
MediaWiki version:
1.28
$wgCSPFalsePositiveUrls = [
	'https://3hub.co' => true,
	'https://morepro.info' => true,
	'https://p.ato.mx' => true,
	'https://s.ato.mx' => true,
	'https://adserver.adtech.de' => true,
	'https://ums.adtechus.com' => true,
	'https://cas.criteo.com' => true,
	'https://cat.nl.eu.criteo.com' => true,
	'https://atpixel.alephd.com' => true,
	'https://rtb.metrigo.com' => true,
	'https://d5p.de17a.com' => true,
];