How to set generic CSP header in config.neon?

Question

I need to set Content Security Policy in config.neon file. The policy for images should look something like this (very stripped down version) img-src data:

The server runs PHP/Nette framework, configuration is in .neon files. The string data: produces syntax error on server-side, because : has special meaning in .neon.

Nette\Neon\Exception
Unexpected ':' on line 28, column 343.

How to overcome this? How can I send "data:" in header?

I am not not a PHP developer, so this might be trivial for someone working in PHP — David Votrubec, Aug 13 '18 at 07:53

score 0 · Answer 1 · answered Aug 13 '18 at 08:07

0

I've found the answer. The whole definition has to be wrapped in double quotes, then Nette sends it down as it is, without trying to interpret the string

So the correct definition is

Content-Security-Policy:  "img-src whatever-is-in-the-double-quotes"

answered Aug 13 '18 at 08:07

David Votrubec

3,968
3
33
44

How to set generic CSP header in config.neon?

1 Answers1