Skip to content

Releases: Firesphere/silverstripe-csp-headers

Improved script parsing through insertHeadTag

24 Sep 02:44
f345b4e
Compare
Choose a tag to compare

When using insertHeadTag, the original method used with strip_tags was too trigger-happy and could potentially strip out valid/wanted HTML from javascript, where it contained e.g. a variable with HTML to be rendered by the javascript (templates etc.)

The new solution is to take the contents of the <script></script> tags instead.

[bugfix] in_cms wasn't set to a sane default

06 Aug 23:23
c7b94e8
Compare
Choose a tag to compare
1.4.4

Add default value for in_cms

Disable in CMS

06 Aug 22:33
4407733
Compare
Choose a tag to compare
  • Add option to disable the check in CMS.

Only call header when wanted

21 Jul 01:31
f0a96d6
Compare
Choose a tag to compare
1.4.2

Remove duplicate add call

Harden datarecord check

21 Jul 00:06
2aa4d5f
Compare
Choose a tag to compare
1.4.1

Harden datarecord check

Add various other headers

16 Jul 23:43
Compare
Choose a tag to compare
  • Added various other headers
  • Improved and split out documentation

Minor updates

10 Jul 23:14
360b83c
Compare
Choose a tag to compare
  • Updated convertor
  • Fixed up tests

Full release of convertor

29 Jun 23:27
59d0156
Compare
Choose a tag to compare
  • Add Connect as option to the CMS

Improved convertor

29 Jun 23:08
5303e43
Compare
Choose a tag to compare

Improved the header to yml convertor.

Add connect-src from CMS

29 Jun 22:33
b135761
Compare
Choose a tag to compare
1.2.5

Add connect-src, add searchable for type