Add CSP and Referrer policy

guzzisti

Core license
License owner
As of version 3.13.4, Chevereto does not come with a Content Security Policy nor a Referrer Policy set.

I set a Referrer Policy by manually editing /app/themes/Peafowl/head.php, but that will most likely be overwritten by the next update.
From my point of view Chevereto should set valid policys respecting user data by default.
 

DeCysos

Phoenix Foto Service
License owner
In Deutsch
-------------
Damit die gemachten manuellen änderungen bei einem Update nicht automatisch überschrieben werden ist es möglich in folgendem Ordner die gewünschte Datei "head.php" anzulegen.

Ordner: /app/themes/Peafowl/custom_hooks

Alternativ kannst Du auch den Ordner Peafowl kopieren und umbennen zum beispiel in "Peafowl_self" und dort deine Änderungen machen ohne das sie bei einem Update verloren gehen können.

--------------------------
Translatet into english
--------------------------
In order to avoid automatically overwriting the manual changes made during an update, it is possible to create the desired file "head.php" in the following folder.

Folder: /app/themes/peafowl/custom_hooks

Alternatively, you can also copy and rename the folder Peafowl for example in "Peafowl_self" and make your changes there without them being lost in an update.
 

guzzisti

Core license
License owner
@DeCysos Danke für den Hinweis, das hab ich glatt übersehen. :)

@Rodolfo
For Referer Policy i added this meta tag:
HTML:
<meta name="referrer" content="no-referrer">
I have yet to find a working CSP tag.
 

guzzisti

Core license
License owner
Thanks for your response. According to the provided link, only the Referrer policy is deprecated, not CSP as a whole.

Anyway...i will stick with the custom hocks at the moment.
 
Top