Enable strict CSP headers #681

Open
bibips opened this issue Mar 5, 2025 · 1 comment


bibips commented Mar 5, 2025

Hi,

Security is paramount on an ecommerce site, so this new theme must be built in such a way as to enable CSP headers.
To allow a strict policy for CSP headers to be set, the theme must follow some rules, like no JavaScript outside JS files or CSS outside CSS files.

Currently the theme still contains inline style: https://github.com/search?q=repo%3APrestaShop%2Fhummingbird%20style%3D%22&type=code.
Inline style should be replaced by class.

Contributor

matks commented Mar 5, 2025

@bibips replacing inline style by class would remove the capability to customize it.

PrestaShop is a CMS so it has to be customizable.

> To allow a strict policy for CSP headers to be set, the theme must follow some rules, like no JavaScript outside JS files or CSS outside CSS files.

I don't understand why you say this. It is possible to implement a strict policy for CSP headers with inline styling.

Inline JavaScript is a different story. But inline CSS?
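
The question in this thread is how a CSP policy treats inline `style` attributes compared with inline scripts. As an added example (not code from either commenter or from the hummingbird project), this checker applies the CSP Level 3 directive fallback and `'unsafe-inline'` rules to a policy string; both policies and the `nonce-EXAMPLE` value are constructed placeholders.

```javascript
// Added example: reports which inline behaviours a CSP policy string permits.
// Fallback chains for inline checks, as defined in CSP Level 3.
const FALLBACK = {
  'script': ['script-src-elem', 'script-src', 'default-src'],
  'script attribute': ['script-src-attr', 'script-src', 'default-src'],
  'style': ['style-src-elem', 'style-src', 'default-src'],
  'style attribute': ['style-src-attr', 'style-src', 'default-src'],
};

// Parse "name v1 v2; name2 v3" into a Map; the first occurrence of a directive wins.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// "Does a source list allow all inline behavior for type?" (CSP Level 3):
// a nonce or hash source (or 'strict-dynamic' for scripts) cancels 'unsafe-inline'.
function allowsAllInline(header, type) {
  const directives = parsePolicy(header);
  const name = FALLBACK[type].find((d) => directives.has(d));
  if (name === undefined) return true; // no governing directive: nothing is restricted
  let unsafeInline = false;
  for (const source of directives.get(name)) {
    const s = source.toLowerCase();
    if (/^'(nonce|sha256|sha384|sha512)-/.test(s)) return false;
    if (type.startsWith('script') && s === "'strict-dynamic'") return false;
    if (s === "'unsafe-inline'") unsafeInline = true;
  }
  return unsafeInline;
}

// Constructed policies for comparison (not the project's configuration).
const STYLE_ATTR_ALLOWED =
  "default-src 'self'; script-src 'self' 'nonce-EXAMPLE'; style-src 'self'; style-src-attr 'unsafe-inline'";
const NO_INLINE_AT_ALL = "default-src 'self'";

// Summarise every inline type for one policy.
function report(header) {
  return Object.fromEntries(Object.keys(FALLBACK).map((t) => [t, allowsAllInline(header, t)]));
}
```

With `STYLE_ATTR_ALLOWED`, only `style="..."` attributes are permitted inline; `<script>` blocks, event-handler attributes and `<style>` blocks are all refused. With `NO_INLINE_AT_ALL`, every `style` attribute in the theme's templates would be blocked.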
