2021-08-23 21:22:00
Back in early 2019 I first learned how to properly apply CSP to my site's code. It was a very educational learning experience and by the end of it I managed to score an A+ in Mozilla's Observatory (which does compatibility and security checks on your site).
Imagine my surprise when earlier today I learned that A) my CSP wasn't being used anymore, the header wasn't even set and B) my Observatory score had dropped to an F! Wow, what happened?!
It turns out that Dreamhost's PHP wasn't using my .htaccess file anymore, on the PHP 7.3 setup that it was running. A switch to PHP 7.4 with their FastCGI setup and we're back in business.
Also, hooray for the CSP Evaluator tool!
That'll teach me to regularly scan and check my own site. :|
I was prompted to go check out my own CSP settings, thanks to Scott Helme's recent post -> I turned on CSP and all I got was this crappy lawsuit
kilala.nl tags: website,
View or add comments (curr. 0)
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.