Meddling with CSP for the first time. It's exhausting, to be honest!
I've got the general gist of things, but I need a bit of guidance.
This is the default copied from the ContentSecurityPolicy.php in my Config folder:
public $defaultSrc = null; // will default to self if not over-ridden
public $scriptSrc = 'self';
public $styleSrc = 'self';
public $imageSrc = 'self';
public $baseURI = null; // will default to self if not over-ridden
public $childSrc = 'self';
public $connectSrc = 'self';
public $fontSrc = null;
public $formAction = 'self';
public $frameAncestors = null;
public $mediaSrc = null;
public $objectSrc = 'self';
public $manifestSrc = null;
This is from my BaseController, which my Controller extends:
//--------------------------------------------------------------------
// Preload any models, libraries, etc, here.
//--------------------------------------------------------------------
// E.g.:
// $this->session = \Config\Services::session();
/* $this->response->CSP->setDefaultSrc('self'); */
$this->response->CSP->setDefaultSrc('self');
$this->response->CSP->addStyleSrc('https://fonts.googleapis.com');
$this->response->CSP->addImageSrc(['http://cdn1.feelunique.com', 'http://feelunique.feedspark.com', 'http://s.cdnsbn.com', 'https://assets.feelunique.com', 'https://cdn1.feelunique.com', 'https://i.notino.com', 'https://images2.productserve.com', 'https://www.sobelia.com', ]);
Neither the font nor the images, or even images stored on my own web hosting, are showing when I switch CSP to true.
Can anyone give me a bit of guidance on what step I'm missing in the process, please?
Greatly appreciated!
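An added example, not part of the original post and not CodeIgniter code: a simplified JavaScript model of how a browser picks the CSP directive for a request and falls back to default-src when that directive is absent. It shows why allowing https://fonts.googleapis.com in style-src does not cover the font files themselves, which Google Fonts serves from fonts.gstatic.com. The policy string, the origin example.test and the resource paths are constructed for illustration.

```javascript
// Simplified model: host-sources, '*' and 'self' only. Paths, ports, nonces
// and hashes are ignored, and a scheme-less source matches any http(s) scheme.

// Request type -> fetch directive that governs it.
const DIRECTIVE_FOR = { font: 'font-src', image: 'img-src', style: 'style-src', script: 'script-src' };

function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function matchesSource(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source === '*') return /^https?:$/.test(url.protocol);
  const m = /^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false; // keyword or source form this model does not cover
  const [, scheme, wildcard, host] = m;
  // An http: source also matches the https: version of the same host.
  const schemeOk = !scheme || url.protocol === scheme.toLowerCase() + ':' ||
    (scheme.toLowerCase() === 'http' && url.protocol === 'https:');
  if (!schemeOk) return false;
  const h = host.toLowerCase();
  return wildcard ? url.hostname.endsWith('.' + h) : url.hostname === h;
}

function check(header, type, resourceUrl, selfOrigin) {
  const policy = parsePolicy(header);
  const wanted = DIRECTIVE_FOR[type];
  // A fetch directive that is absent falls back to default-src.
  const directive = policy.has(wanted) ? wanted : 'default-src';
  const sources = policy.get(directive);
  if (!sources) return { allowed: true, directive: null }; // nothing restricts it
  const url = new URL(resourceUrl);
  return { allowed: sources.some((s) => matchesSource(s, url, selfOrigin)), directive };
}

// Constructed policy modelled on the settings in the post (image list shortened).
const SAMPLE_POLICY = "default-src 'self'; script-src 'self'; " +
  "style-src 'self' https://fonts.googleapis.com; img-src 'self' https://i.notino.com";
const SELF = 'https://example.test'; // assumed site origin

console.log(check(SAMPLE_POLICY, 'style', 'https://fonts.googleapis.com/css?family=Lato', SELF));
console.log(check(SAMPLE_POLICY, 'font', 'https://fonts.gstatic.com/s/lato/x.woff2', SELF));
console.log(check(SAMPLE_POLICY, 'image', 'https://www.example.test/img/logo.png', SELF));
```

The last call also shows that 'self' is an exact origin match, so an image referenced through a different host name or scheme than the page itself is not covered by it. The browser console lists the violated directive for every blocked request, which is the quickest way to confirm which case applies.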