v2025 onwards …
Description: The HTTP Content-Security-Policy response header allows website administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints.
Ref:
phpmaker.dev/docs/#/tools.html?id=use-content-security-policy-csp
Configuration:
Add
Config()->append("CSP.[directive]", "[value]");
into the “Global Code” section.
Example:
[directive] = img-src.allow
[value] = associated
Config()->append("CSP.img-src.allow", "https://quickchart.io");
This allows images sourced from quickchart.io to be displayed on the current page.
For a complete list of directives and values see
developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy.