Why not send CSP header via php ?

diracdeltas / sniffly

Sniffing browser history using HSTS

MIT License

935 stars 118 forks source link

Why not send CSP header via php ? #3

Closed SleepProgger closed 9 years ago

SleepProgger commented 9 years ago

I just wondered, is there a reason you don't send the CSP header via php to be compatible for browsers not supporting the CSP settings via meta tag ?

Something like this should do the work:

<?php
$csp_rules = "img-src http://*";
foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $csp){
    header($csp . ": " . $csp_rules);
}
?>

diracdeltas commented 9 years ago

I don't write PHP. :)

Happy to accept a pull request to add this to the README as an example though!

Qix- commented 9 years ago

As long as it's a response header it shouldn't matter what backend language you use.

I don't write PHP. :)

:+1: This is a good thing.

SleepProgger commented 9 years ago

Happy to accept a pull request to add this to the README

Send.

diracdeltas commented 9 years ago

Merged, thanks.