Β 
The Joomla Training Cohort has been launched!

Please send any feedback or bug reports to [email protected] (opens new link)  

Use the Content Security Policy Header for your Joomla Site - πŸ›  MM Live Stream #167

Tim Davis
Written by: Created: 14 December 2020
Category: Maintenance Monday
Hot!Hits: 833Reading time: 01:50
Security Maintenance Monday Joomla Training Cohort

The Content Security Policy Header is like the guest list at a party with very important guest who require protection against threats. Absolutely nobody gets in unless they're preapproved to be let in. Use the Content Security Policy Header to protect your Joomla site from the cross-site scripting (XSS) vulnerability.

 

 

 

00:00 - Introduction and Sponsorship Message

01:36 - Setting Up and Testing CSP Headers

08:05 - Configuring CSP: Inline Scripts and Subdomains

12:00 - Wildcards, Domain Management, and Best Practices

17:31 - Signing Off and Audience Interaction

18:04 - Final CSP Adjustments and Livestreams

25:46 - Comprehensive CSP Coverage and Troubleshooting

33:10 - Troubleshooting Google Fonts and Tag Manager

37:55 - Advanced CSP Troubleshooting and Adjustments

43:42 - Managing CSP for Google Ads and Domains

50:22 - Joomla Extensions and CSP Updates

56:25 - Resolving Plugin Conflicts and Template Issues

01:06:49 - Closing Remarks and Final Comments

 

Summary

 

Introduction and Sponsorship 

Tim Davis introduces the video and acknowledges MySites.guru for sponsoring with a focus on their free site audits.

Introduction to Content Security Policy (CSP)

Overview of the CSP header and its role in site security.

Site Audit and CSP Testing 

Using MySites.guru for site audits and testing CSP on basicjoomla.com.

Understanding XSS Vulnerabilities and CSP 

Explanation of Cross-Site Scripting (XSS) vulnerabilities and how CSP helps mitigate them.

Setting Up CSP in .htaccess 

Instructions for configuring CSP in the .htaccess file, including accessing and editing it.

Practical CSP Demonstrations 

Demonstrations of setting up CSP, checking its impact, and using Chrome’s Element Inspector for error detection.

Adjusting CSP for Subdomains and Multiple Domains

Expanding CSP to include subdomains and multiple domains, using wildcards, and correcting policy errors.

Troubleshooting and Testing CSP 

Techniques for troubleshooting CSP errors, handling specific domain issues, and ensuring comprehensive coverage.

Additional Troubleshooting and Updates 

Addressing issues with various services, extensions, and script errors, including CSS and template-related problems.

Final Remarks and Closing

Final comments, troubleshooting results, and signing off with announcements and closing remarks.

Please send any feedback or bug reports or queries to;

Contact Tim Davis β–Ί This email address is being protected from spambots. You need JavaScript enabled to view it.

Joomla Training Cohort β–Ί https://cybersalt.com/jtc

JTC has been launched and is now accepting members https://cybersalt.com/services/subscriptions
mySites.guru β–Ί https://mysites.guru
Backing Up Your Joomla Site with Akeeba β–Ίhttps://www.youtube.com/watch?v=4Xu4o0g2-RY&t=0s
FOLLOW US ON X(TWITTER!) β–Ί https://x.com/basicjoomla
LIKE US ON FACEBOOK! β–Ί https://www.facebook.com/basicjoomla
SUBSCRIBE US ON YOUTUBE β–Ί//www.youtube.com/@Basicjoomla

#basicjoomla

#cybersalt

Interesting blog? Like it on Facebook, Post it or share this article on other bookmarking websites.

Tim Davis
Written by:
Tim Davis is the founder and owner of Cybersalt.
Log in to comment

Add comment

Submit