Support report-to and report-uri in the CSP plugin

7506d45f · ale · 25cf829b · 7506d45f
Commit 7506d45f authored Oct 18, 2020 by ale
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

plugins/csp/csp.php plugins/csp/csp.php +8 -0

No files found.
--- a/plugins/csp/csp.php
+++ b/plugins/csp/csp.php
@@ -30,6 +30,14 @@ class csp extends rcube_plugin {
        "script-src 'self' {$proto}://{$host}{$path} 'unsafe-inline' 'unsafe-eval' {$src_sso}; " .
        "style-src 'self' 'unsafe-inline' {$src_sso}; " .
        "object-src 'none'");
+    $report_uri = $rcmail->config->get('csp_report_uri', '');
+    if($report_uri != '') {
+      $csp_header .= '; report-uri ' . $report_uri;
+    }
+    $report_to = $rcmail->config->get('csp_report_to', '');
+    if($report_to != '') {
+      $csp_header .= '; report-to ' . $report_to;
+    }
    header("Content-Security-Policy: {$csp_header}");
    return $content;
  }