A comprehensive Content Security Policy (CSP) management package for Umbraco CMS that helps protect your website from XSS attacks and other code injection vulnerabilities. Manage CSP headers for both frontend and backend through an intuitive backoffice interface.
Full documentation is available at matthew-wise.github.io/Umbraco-CSP-manager
- Frontend & Backend CSP Management — Configure separate Content Security Policies for your website frontend and Umbraco backoffice
- Intuitive Backoffice Interface — Easy-to-use management screens within the Umbraco backoffice
- Policy Import — Paste an existing CSP header value to import it directly into the backoffice
- CSP Evaluation Tools — Test and validate your Content Security Policies before deployment
- Nonce Support — Built-in tag helpers for script, style, and link nonces
- Flexible Configuration — Customize CSP directives to match your website's requirements
- Notification Events — Extend behaviour with
CspWritingNotificationandCspSavedNotification - uSync Integration — Sync CSP policies across environments using uSync
dotnet add package Umbraco.Community.CSPManager| Package | Purpose |
|---|---|
| Umbraco.Community.CSPManager.uSync | Automatically includes CSP definitions in uSync export/import cycles |
| Umbraco.Community.CSPManager.uSync.Complete | Adds Push/Pull actions via uSync Publisher for on-demand environment sync |
Contributions are welcome! Please read our Contributing Guidelines and feel free to submit issues and pull requests.
This project is licensed under the MIT License - see the LICENSE file for details.