Content Security Policy settings

General questions relating to Joomla! 4.x.

GewoonR
Joomla! Apprentice
Posts: 8
Joined: Tue Oct 11, 2011 10:36 am

Content Security Policy settings

Post by GewoonR » Tue Oct 03, 2023 8:32 am

Hi there,

I am trying to make a Content Security Policy using the wizard at a great website called report-uri.com. This wizard will show you the detected items on a website. I let it run for a week and the detected items also contained a lot of 'unsafe-inline' and 'unsafe-eval' directives:
  • default-src 'unsafe-inline'
  • script-src-attr 'unsafe-inline'
  • script-src-elem 'unsafe-inline'
  • script-src 'unsafe-eval'
  • script-src 'unsafe-inline'
  • style-src-attr 'unsafe-inline'
  • style-src-elem 'unsafe-inline'
  • style-src 'unsafe-inline'
In my opinion the website will remain vulnerable when putting these in the CSP. Are there specific directives that should have the 'unsafe-inline' or 'unsafe-eval' directives for Joomla 4 to work properly?

Thanks in advance!
Last edited by toivo on Tue Oct 03, 2023 8:47 am, edited 1 time in total.
Reason: mod note: moved from 4.x Security
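
Added example (not part of the original post, and not Joomla code): a small auditor that reports where a candidate policy still effectively permits inline code or `eval`, for the directives listed in the post. It assumes the CSP Level 3 fallback order and the rule that a nonce or hash in a source list makes browsers ignore `'unsafe-inline'`; the function names and the sample policy are constructed for illustration.

```javascript
// Fallback chains per CSP Level 3: the first directive present in a chain applies.
const FALLBACK = {
  "script-src-elem": ["script-src-elem", "script-src", "default-src"],
  "script-src-attr": ["script-src-attr", "script-src", "default-src"],
  "style-src-elem": ["style-src-elem", "style-src", "default-src"],
  "style-src-attr": ["style-src-attr", "style-src", "default-src"],
};

// Parse "name src src; name src" into a Map; a repeated directive is ignored.
// Sources are lowercased for keyword matching only (nonce values are case-sensitive).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, sources.map((s) => s.toLowerCase()));
  }
  return directives;
}

// Source list of the first directive present in the chain, or null (unrestricted).
function effectiveSources(directives, chain) {
  for (const name of chain) if (directives.has(name)) return directives.get(name);
  return null;
}

// 'unsafe-inline' is ignored when a nonce or hash is present; for scripts
// it is also ignored when 'strict-dynamic' is present.
function allowsAllInline(sources, isScript) {
  if (sources === null) return true;
  if (sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s))) return false;
  if (isScript && sources.includes("'strict-dynamic'")) return false;
  return sources.includes("'unsafe-inline'");
}

// Returns { directive: inlineAllowed, ..., eval: evalAllowed }.
function auditCsp(policy) {
  const directives = parseCsp(policy);
  const report = {};
  for (const [target, chain] of Object.entries(FALLBACK)) {
    report[target] = allowsAllInline(effectiveSources(directives, chain), target.startsWith("script"));
  }
  const scriptSrc = effectiveSources(directives, ["script-src", "default-src"]);
  report.eval = scriptSrc === null || scriptSrc.includes("'unsafe-eval'");
  return report;
}

// Constructed sample policy, not taken from any real site.
const SAMPLE = "default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-abc123'; " +
  "style-src 'self' 'unsafe-inline'; script-src-attr 'none'";
console.log(auditCsp(SAMPLE));
```

For the sample, inline scripts are not blanket-allowed (the nonce overrides `'unsafe-inline'`), while inline styles still are.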
