Skip to content

Instantly share code, notes, and snippets.



Last active Apr 30, 2020
What would you like to do?
A way of setting the Content Security Policy header in Craft CMS
// - If the request is not from the control panel
// - If the request is not from the console
// - If a user is not logged in (for debug toolbar in the front-end)
if (
!Craft::$app->request->isCpRequest &&
!Craft::$app->request->isConsoleRequest &&
// Add CSP header
Craft::$app->response->headers->add("Content-Security-Policy", "<your_policy_goes_here>");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment