cspLegacy
Aidan Woods edited this page Jul 16, 2017 · 2 revisions
void cspLegacy ([ mixed $mode = true ] )
Enable or disable legacy CSP support.
When enabled, SecureHeaders will send an additional X-Content-Security-Policy and/or X-Content-Security-Policy-Report-Only. The policy configured with ->csp or ->cspro respectively will be sent with this legacy header, with no attempt to strip out newer CSP features (browsers should ignore CSP directives and keywords they do not recognise).
If this setting is unconfigured, the default is off.
Loosely cast as a boolean: true enables the legacy headers, false disables them.
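
The behaviour described above, modelled as an added example (this is not SecureHeaders' own code): each configured policy is repeated unchanged under its X- prefixed name when the mode is truthy. The function name buildCspHeaders, the sample policies, and the reading of "and/or" as one legacy header per configured policy are assumptions.

```php
<?php
// Added illustration, NOT the library's source. buildCspHeaders is a hypothetical name.

/**
 * Returns the CSP headers that would be sent for the given enforced policy
 * ($csp), report-only policy ($cspro) and cspLegacy mode value.
 */
function buildCspHeaders(?string $csp, ?string $cspro, $legacyMode): array
{
    $legacy = (bool) $legacyMode;   // loose boolean cast, as the page describes

    $policies = [
        'Content-Security-Policy'             => $csp,
        'Content-Security-Policy-Report-Only' => $cspro,
    ];

    $headers = [];
    foreach ($policies as $name => $policy) {
        if ($policy === null || $policy === '') {
            continue;               // nothing configured: no header, no legacy copy
        }
        $headers[$name] = $policy;
        if ($legacy) {
            // Same string under the legacy name; newer keywords are not stripped.
            $headers['X-' . $name] = $policy;
        }
    }
    return $headers;
}

// Constructed sample policies (the nonce value is a placeholder).
$csp   = "default-src 'self'; script-src 'nonce-PLACEHOLDER' 'strict-dynamic'";
$cspro = "default-src 'none'; report-uri /csp-report";

foreach (buildCspHeaders($csp, $cspro, true) as $name => $value) {
    echo $name, ': ', $value, PHP_EOL;
}

// Effect of PHP's loose cast on different mode values: false, 0, '', '0' and
// null leave the legacy header off; any other value, including the string
// 'false', turns it on.
foreach ([true, 1, 'on', 'false', false, 0, '', '0', null] as $mode) {
    $on = isset(buildCspHeaders($csp, null, $mode)['X-Content-Security-Policy']);
    echo var_export($mode, true), ' => legacy ', ($on ? 'on' : 'off'), PHP_EOL;
}
```

Because the cast is loose, a mode read from a configuration file as the string 'false' enables the legacy headers; pass a real boolean.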