CSP for LimeSurvey

2 weeks 2 days ago #260318 by LGT_WEBS
CSP for LimeSurvey was created by LGT_WEBS
Your LimeSurvey version: LimeSurvey Community Edition Version 6.4.5+240205
Own server or LimeSurvey hosting: Own server
==================

I need to customize our CSP for LimeSurvey and want to make sure that everything continues to work smoothly. Can anyone confirm if LimeSurvey will work properly if I make the following settings?
  • Content-Security-Policy "frame-ancestors 'self';"
  • Implement directives that set valid and complete source restrictions for loading dynamic content (script-src, object-src, default-src)
  • Avoiding the use of unsafe directives such as 'unsafe-eval' and 'unsafe-inline'
  • Avoid typos or otherwise invalid CSP directives.
  • Avoid wildcards, host-based allowlists or bare URL schemes such as 'HTTP' in source code directives

Many thanks and best regards
Jürg
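
The criteria listed in the post above can be checked mechanically against a candidate header value before it is deployed. The following is an added example, not part of the original post and not LimeSurvey code; `parse_csp`, `audit_csp` and both sample policies are constructed for illustration, and it says nothing about which sources LimeSurvey itself needs.

```python
import re

# Directive names browsers recognise (not exhaustive); anything else is treated as a typo.
KNOWN_DIRECTIVES = {
    "default-src", "script-src", "script-src-elem", "script-src-attr",
    "style-src", "style-src-elem", "style-src-attr", "img-src", "font-src",
    "connect-src", "media-src", "object-src", "frame-src", "child-src",
    "worker-src", "manifest-src", "base-uri", "form-action", "frame-ancestors",
    "sandbox", "report-uri", "report-to", "upgrade-insecure-requests",
}
REQUIRED = ("default-src", "script-src", "object-src", "frame-ancestors")
UNSAFE = ("'unsafe-inline'", "'unsafe-eval'")
BARE_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.I)

# Constructed sample policies (the nonce value is a placeholder).
WEAK = "default-src *; scrpit-src 'self' https:; script-src 'self' 'unsafe-eval' cdn.example.com"
STRICT = "default-src 'self'; script-src 'self' 'nonce-R4nd0m'; object-src 'none'; frame-ancestors 'self'"


def parse_csp(header):
    """Split a policy into {directive: [sources]}; the first occurrence wins, as in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit_csp(header):
    """Return a sorted list of findings for the criteria listed in the post."""
    policy = parse_csp(header)
    findings = {f"missing directive: {n}" for n in REQUIRED if n not in policy}
    for name, sources in policy.items():
        if name not in KNOWN_DIRECTIVES:
            findings.add(f"unknown directive: {name}")
            continue
        if not name.endswith("-src"):
            continue  # only fetch directives carry source lists checked here
        for src in sources:
            if src.lower() in UNSAFE:
                findings.add(f"{name}: unsafe keyword {src}")
            elif "*" in src:
                findings.add(f"{name}: wildcard {src}")
            elif BARE_SCHEME.match(src):
                findings.add(f"{name}: bare scheme {src}")
            elif not src.startswith("'"):
                findings.add(f"{name}: host-based allowlist entry {src}")
    return sorted(findings)
```

Sending the candidate policy as `Content-Security-Policy-Report-Only` first shows which resources it would block without breaking the survey pages.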
