firegento / firegento-magesetup

MageSetup
GNU General Public License v3.0

CSP Header Functionality [DSGVO|GDPR] #333

Open riconeitzel opened 6 years ago

riconeitzel commented 6 years ago

Implement two fields in sys config:

- CSP Header enabled [dropdown: yes|no]
- CSP Header [textfield]

- if feature is turned off: nothing happens
- turned on, field empty: only local assets are loaded
- turned on, field filled: separate domains by comma or new line and add them as valid external resources

default is: feature is turned off
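The three cases above as a header-building routine, added here as an example; it is not part of the original issue or of MageSetup's code. The function name `buildCspHeader` is hypothetical, and mapping "only local assets" to `default-src 'self'` is an assumption.

```php
<?php
// Hypothetical helper, not MageSetup code. Returns the value for a
// Content-Security-Policy header, or null when no header should be sent.
function buildCspHeader(bool $enabled, string $field): ?string
{
    if (!$enabled) {
        return null;               // case 1: feature off, nothing happens
    }

    // case 2: empty field, only local assets (assumed: default-src 'self')
    $sources = ["'self'"];

    // Allow-list for one entry: optional scheme, optional leading "*."
    // wildcard label, a hostname, optional port. Entries with spaces,
    // semicolons, quotes or control characters fail the match, so a config
    // value cannot append directives or split the HTTP header.
    $label = '[a-z0-9]([a-z0-9-]*[a-z0-9])?';
    $entryPattern = '#^(https?://)?(\*\.)?' . $label . '(\.' . $label . ')*(:\d{1,5})?$#D';

    // case 3: split the admin-entered text on commas and any newline style
    foreach (preg_split('/[,\r\n]+/', $field) as $entry) {
        $entry = strtolower(trim($entry));
        if ($entry === '' || !preg_match($entryPattern, $entry)) {
            continue;              // skip blanks and anything not a host source
        }
        $sources[] = $entry;
    }

    return 'default-src ' . implode(' ', array_unique($sources));
}

// Constructed sample input: mixed separators, a duplicate in different case,
// and one entry that tries to smuggle in an extra directive.
$field = "cdn.example.com, https://fonts.example.net\r\nCDN.example.com\n"
       . "bad.example; script-src *";

var_dump(buildCspHeader(false, $field));  // feature off
var_dump(buildCspHeader(true, ''));       // on, field empty
var_dump(buildCspHeader(true, $field));   // on, field filled
```

Rejected entries are dropped silently here; a sys config backend model could instead refuse to save the field so the admin sees which line was invalid.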

jonashrem commented 6 years ago

In case three (feature is on and field is filled):

Shouldn't the header depend on a consent cookie? At least that is what I understood in the discussion earlier?