Manual:Hooks/ContentSecurityPolicyDefaultSource
Appearance
ContentSecurityPolicyDefaultSource | |
---|---|
Available from version 1.32.0 Modify the allowed CSP load sources. This affects all directives except for the script directive. | |
Define function: | public static function onContentSecurityPolicyDefaultSource( array &$defaultSrc, array $policyConfig, int $mode ) { ... }
|
Attach hook: | In extension.json:
{
"Hooks": {
"ContentSecurityPolicyDefaultSource": "MediaWiki\\Extension\\MyExtension\\Hooks::onContentSecurityPolicyDefaultSource"
}
}
|
Called from: | File(s): ContentSecurityPolicy.php |
Interface: | ContentSecurityPolicyDefaultSourceHook.php |
For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:ContentSecurityPolicyDefaultSource extensions.
If you want to add a script source, see the ContentSecurityPolicyScriptSource hook.
Details
[edit]&$defaultSrc
: Array ofContent-Security-Policy
allowed sources$policyConfig
: Current configuration for theContent-Security-Policy
header$mode
:ContentSecurityPolicy::REPORT_ONLY_MODE
orContentSecurityPolicy::FULL_MODE
depending on type of header