Skip to content

feat: Add support to enable/disable CSP at runtime#10397

Open
patel-vansh wants to merge 3 commits into
codeigniter4:4.8from
patel-vansh:feat/disable-csp-runtime
Open

feat: Add support to enable/disable CSP at runtime#10397
patel-vansh wants to merge 3 commits into
codeigniter4:4.8from
patel-vansh:feat/disable-csp-runtime

Conversation

@patel-vansh

Copy link
Copy Markdown
Contributor

Description
This PR adds support to let users enable/disable CSP for current request without modifying config variables in runtime.

This lets them exclude specific routes (especially routes handling serving files) from Content-Security-Policy header.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value (without duplication)
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@github-actions github-actions Bot added the 4.8 PRs that target the `4.8` branch. label Jul 9, 2026
Comment thread user_guide_src/source/outgoing/csp.rst Outdated
@patel-vansh
patel-vansh requested review from memleakd and michalsn July 15, 2026 11:52

@michalsn michalsn left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

4.8 PRs that target the `4.8` branch.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants