Actions
Feature #101580
openAdd feature flag to enable CSP ReportOnly mode
Start date:
2023-08-04
Due date:
% Done:
0%
Estimated time:
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:
Description
Since version 13 the backend CSP is enabled by default. The feature flag that is introduced in version 12 is now always active.
It would be great to have the possibility to put the frontend in report only mode to collect data before rolling out the CSP.
To archive this I would introduce another feature flag `security.frontend.contentSecurityPolicyReportOnly`.
Actions