itzbund / gsb-csp
GSB csp. This is part of the Government Site Build (GSB) 11. GSB 11 is a measure of the Dienstekonsolidierung Bund (DKB, the federal IT services consolidation programme) of the Federal Ministry of the Interior and Community (BMI) and is carried out on behalf of the Informationstechnikzentrum Bund (ITZBund).
Requires
- php: ^8.2
- cweagans/composer-patches: ^1.7
- typo3/cms-core: ^12.4.20
- typo3/cms-frontend: ^12.4.20
Requires (Dev)
- captainhook/captainhook-phar: ^5.21
- codeception/codeception: *
- codeception/module-asserts: *
- codeception/module-db: *
- doctrine/dbal: ^3.3 || ^4.0
- ergebnis/composer-normalize: ^2.28
- friendsofphp/php-cs-fixer: ^3.14
- helmich/typo3-typoscript-lint: 3.1.0 || 3.2.0 || 3.2.1
- itzbund/captainhook-hooks: ^1.0
- michielroos/typo3scan: ^1.7
- mockery/mockery: ^1.6
- php-coveralls/php-coveralls: ^2.5
- phpmd/phpmd: ^2.13
- phpstan/extension-installer: ^1.2
- phpstan/phpstan: ^1.10
- phpstan/phpstan-phpunit: ^1.3
- phpstan/phpstan-strict-rules: ^1.5
- phpunit/phpunit: ^10.0 || ^11.0
- ramsey/conventional-commits: ^1.5
- saschaegerer/phpstan-typo3: ^1.8
- sbuerk/typo3-cmscomposerinstallers-testingframework-bridge: ^0.1.2
- seld/jsonlint: ^1.9
- squizlabs/php_codesniffer: ^3.7
- ssch/typo3-rector: ^1.1 || ^2.0
- symfony/yaml: ^6.1 || ^7.0
- typo3/coding-standards: ^0.7 || ^0.8
- typo3/testing-framework: ^8.1
- dev-main / 1.x-dev
- v1.3.1
- v1.3.1-rc.3
- v1.3.1-rc.2
- v1.3.1-rc.1
- v1.3.0
- v1.3.0-rc.1
- v1.2.0
- v1.2.0-rc.1
- v1.1.1
- v1.1.1-rc.1
- v1.1.0
- v1.1.0-rc.2
- v1.1.0-rc.1
- v1.0.11-rc.1
- v1.0.10
- v1.0.10-rc.1
- v1.0.9
- v1.0.8
- v1.0.8-rc.1
- v1.0.7
- v1.0.6
- v1.0.6-rc.1
- v1.0.5
- v1.0.5-rc.1
- v1.0.4
- v1.0.4-rc.4
- v1.0.4-rc.3
- v1.0.4-rc.2
- v1.0.4-rc.1
- v1.0.3
- v1.0.3-rc.2
- v1.0.3-rc.1
- v1.0.2
- v1.0.2-rc.1
- v1.0.1
- v1.0.1-rc.1
- v1.0.0
- v1.0.0-rc.3
- v1.0.0-rc.2
- v1.0.0-rc.1
- dev-release
This package is not auto-updated.
Last update: 2025-01-29 05:44:42 UTC
README
GSB 11 Extension gsb_csp
About
The extension gsb_csp automatically adds integrity attributes to all local CSS/JavaScript resources, and provides a restrictive set of CSP headers.
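To confirm on a rendered frontend page that local CSS/JavaScript tags really carry integrity attributes matching the deployed files, a check like the following can be run against the HTML output. It is an added example, not part of gsb_csp or its README, and it does not show how the extension computes the attribute; `sri_hash`, `audit`, the file map and the sample page are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
ALGS = ("sha256", "sha384", "sha512")  # SRI algorithms, weakest to strongest

def sri_hash(data: bytes, alg: str = "sha384") -> str:
    """Return the SRI token '<alg>-<base64 digest>' for a resource body."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, data).digest()).decode()}"

class _Tags(HTMLParser):
    """Collect (url, integrity) from <script src> and stylesheet <link href>."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower()
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        if url:
            self.found.append((url, a.get("integrity")))

def audit(html: str, local_files: dict) -> list:
    """Return (url, problem) for local resources with missing or wrong integrity."""
    parser = _Tags()
    parser.feed(html)
    findings = []
    for url, integrity in parser.found:
        if url.startswith(("http://", "https://", "//")):
            continue  # external resource: outside this check
        body = local_files.get(url.split("?", 1)[0])  # ignore cache-busting query
        tokens = [t for t in (integrity or "").split() if t.split("-", 1)[0] in ALGS]
        if body is None:
            findings.append((url, "file not found"))
        elif not integrity:
            findings.append((url, "integrity attribute missing"))
        else:
            # Browsers enforce only the strongest algorithm present.
            strongest = max((t.split("-", 1)[0] for t in tokens), key=ALGS.index, default=None)
            if strongest is None or sri_hash(body, strongest) not in tokens:
                findings.append((url, "integrity does not match file"))
    return findings

# Constructed sample: missing attribute, correct hash, stale hash.
FILES = {"/a.js": b"console.log(1);", "/b.css": b"body{}", "/c.js": b"alert(2);"}
PAGE = (
    '<link rel="stylesheet" href="/b.css">'
    f'<script src="/a.js" integrity="{sri_hash(FILES["/a.js"])}"></script>'
    f'<script src="/c.js?v=3" integrity="{sri_hash(b"old build")}"></script>'
)
print(audit(PAGE, FILES))
```

A stale hash, as in the third tag, is what appears when a file is changed on disk after the page or its cache was generated; browsers then refuse to load the resource.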
Installation
The best way to install this extension is to start with the GSB Sitepackage Kickstarter extension.
Quick installation without GSB Sitepackage Kickstarter
In a composer-based TYPO3 installation you can install the extension EXT:gsb_csp via composer:
composer config -g gitlab-domains gitlab.opencode.de && \
composer config -g repositories.gsb-csp vcs https://gitlab.opencode.de/bmi/government-site-builder-11/extensions/gsb_csp.git
composer require itzbund/gsb-csp
In TYPO3 installations above version 11.5 the extension will be automatically installed. You do not have to activate it manually.
Configuration
If you want to enable the functionality of this extension, you have to enable the feature flag
gsb_csp.security.frontend.enforceHashbasedContentSecurityPolicy
and the TYPO3 core feature flag
security.frontend.enforceHashbasedContentSecurityPolicy
Feature flags
Feature flags are configured in the .env or the local-dev/.ddev/docker-compose.environment.yaml file on a ddev machine. To add a feature flag, use the following syntax:
# Feature flag for the specific tickets. Set them to true to activate the features.
- TYPO3__SYS__features__ITZBUNDPHP-4133=%const(bool:true)%
In this example, the feature flag ITZBUNDPHP-4133 is set to true. To disable the feature, change the value to false or delete the setting.
Feature Flag Truth Table
This table illustrates the behavior of feature flags in various states.
Feature Flag State | Evaluated Value | Description |
---|---|---|
featureFlag = true | true | The feature is explicitly enabled. |
featureFlag = false | false | The feature is explicitly disabled. |
featureFlag = '' | false | An empty value is treated as false. |
featureFlag does not exist | false | A non-existent flag defaults to false. |
Current feature flags of gsb_csp
Feature flag | Description |
---|---|
ITZBUNDPHP-4133 | Enable a backend module to show CSP resolutions and delete them if necessary |
ITZBUNDPHP-4379 | Enable auto configuration of some CSPs for multiple backend sites to enable a preview without logging in to more than one backend domain |
Usage in PHP Code
To use a feature flag in your PHP code, you can check the flag's value in the global TYPO3 configuration. Here's an example:
use TYPO3\CMS\Core\Configuration\Features;
use TYPO3\CMS\Core\Utility\GeneralUtility;

if (GeneralUtility::makeInstance(Features::class)->isFeatureEnabled('ITZBUNDPHP-4133')) {
    // Only if the feature flag is set to true the feature is activated
    // Feature-specific code goes here
}
In this example, the feature-specific code will only execute if the feature flag ITZBUNDPHP-4133 is set to true.
Usage in Fluid Templates
You can also use feature flags in your Fluid templates with a custom ViewHelper. First, ensure you include the namespace for the ViewHelper:
{namespace gsb=ITZBund\GsbCore\ViewHelpers}
Then, use the featureFlag ViewHelper to conditionally render content based on the feature flag:
<f:if condition="{gsb:featureFlag(featureKey: 'ITZBUNDPHP-4133')}">
<!-- Feature-specific content goes here -->
</f:if>
Usage
Nothing to do.
Contribute
As with TYPO3, we encourage you to join the project by submitting changes. Development of the GSB 11 happens mainly in the GSB 11 TYPO3 extension repositories.
To get started, have a look at our detailed contribution walkthrough.