itzbund/gsb-csp

Content Security Policy (CSP) management for Government Site Builder (GSB) 11. This is part of the Government Site Builder (GSB) 11. The GSB 11 is a measure of the Dienstekonsolidierung Bund (DKB) of the Federal Ministry of the Interior and for Homeland (BMI) and is carried out on behalf of the Info

Installs: 831

Dependents: 1

Suggesters: 1

Security: 0

Type: typo3-cms-extension

pkg:composer/itzbund/gsb-csp

v2.0.0-rc.4 2025-10-09 10:20 UTC

README

GSB 11 Extension gsb_csp

TYPO3 13 PHP 8.3

About

The extension gsb_csp automatically adds integrity attributes to all local CSS/JavaScript resources and provides a restrictive set of CSP headers.

It provides a backend module that shows the applied CSP solutions.

Learn more about the GSB 11.

Installation

The best way to install this extension is to start with the GSB Sitepackage Kickstarter extension.

Quick installation without GSB Sitepackage Kickstarter

In a composer-based TYPO3 installation you can install the extension EXT:gsb_csp via composer:

  composer config -g gitlab-domains gitlab.opencode.de && \
  composer config -g repositories.gsb-csp vcs https://gitlab.opencode.de/bmi/government-site-builder-11/extensions/gsb_csp.git
  composer require itzbund/gsb-csp

In TYPO3 installations above version 11.5 the extension will be automatically installed. You do not have to activate it manually.

Configuration

If you want to enable the functionality of this extension, you have to enable the feature flag

GSB11_OPTION_4119_INTEGRITY_BASED_CSP_HASHES

and the TYPO3 core feature flag

security.frontend.enforceHashbasedContentSecurityPolicy
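
With both flags enabled, the effect described under About can be checked on rendered output. The following PHP script is an added example, not part of gsb_csp or its README: it reports local script and stylesheet tags whose integrity value is missing or does not match the file, and scripts whose hash is absent from script-src. It assumes the policy is meant to list each script's integrity hash as a hash source; function names, paths and sample data are constructed.

```php
<?php
declare(strict_types=1);
// Added example, not gsb_csp code; all names and sample data are constructed.

/** SRI value for a resource body: "<algo>-<base64 digest>". */
function sriValue(string $body, string $algo = 'sha384'): string
{
    return $algo . '-' . base64_encode(hash($algo, $body, true));
}

/** Source expressions of the script-src directive, quotes stripped. */
function scriptSrcSources(string $csp): array
{
    preg_match('/(?:^|;)\s*script-src\s+([^;]*)/i', $csp, $m);
    $tokens = preg_split('/\s+/', $m[1] ?? '', -1, PREG_SPLIT_NO_EMPTY);
    return array_map(fn (string $t) => trim($t, "'"), $tokens);
}

/** Returns [local URL => problem]; $files maps local URL => file body. */
function auditPage(string $html, string $csp, array $files): array
{
    libxml_use_internal_errors(true); // tolerate HTML5 markup
    $dom = new DOMDocument();
    $dom->loadHTML($html);
    $nodes = (new DOMXPath($dom))->query('//script[@src]|//link[@rel="stylesheet"][@href]');
    $problems = [];
    foreach ($nodes as $el) {
        $url = $el->getAttribute($el->nodeName === 'script' ? 'src' : 'href');
        if (!isset($files[$url])) {
            continue; // not a local file we can hash
        }
        $given = preg_split('/\s+/', $el->getAttribute('integrity'), -1, PREG_SPLIT_NO_EMPTY);
        $valid = array_filter($given, function (string $v) use ($files, $url): bool {
            $algo = explode('-', $v, 2)[0];
            return in_array($algo, ['sha256', 'sha384', 'sha512'], true)
                && hash_equals(sriValue($files[$url], $algo), $v);
        });
        if ($valid === []) {
            $problems[$url] = 'integrity missing or not matching the file';
        } elseif ($el->nodeName === 'script' && !array_intersect($valid, scriptSrcSources($csp))) {
            $problems[$url] = 'integrity hash not listed in script-src';
        }
    }
    return $problems;
}
// Constructed sample: app.js carries a valid hash, site.css has none.
$files = ['/js/app.js' => "console.log('hi');\n", '/css/site.css' => "body{margin:0}\n"];
$hash = sriValue($files['/js/app.js']);
$html = "<link rel=\"stylesheet\" href=\"/css/site.css\"><script src=\"/js/app.js\" integrity=\"$hash\"></script>";
print_r(auditPage($html, "default-src 'self'; script-src 'self' '$hash'", $files));
```

In a real check, `$html` and `$csp` would come from a fetched frontend response and `$files` from the deployed public directory.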

Feature Flags

This document explains how to use feature flags. We distinguish between two kinds of feature flags:

Feature

Feature flags allow you to enable or disable specific features in your installation. This is particularly important for disabling features that have not passed the approval process.

Optional

Optional flags allow you to (de-)activate specific features for your installation. A practical use for these is the (de-)activation of an extension.

For more information about feature flags in TYPO3, please refer to the official TYPO3 Documentation on Feature Flags.

Feature Flag Configuration

Feature and Optional flags are configured in the .env file or, on a ddev machine, in the local-dev/.ddev/docker-compose.environment.yaml file. To add a feature flag, use the following syntax:

# FEATURE FLAG
- TYPO3__SYS__features__GSB11_FEATURE_123_NEW_FEATURE=%const(bool:true)%
# OPTIONAL FLAG
- TYPO3__SYS__features__GSB11_OPTION_123_ENABLE_EXTENSION=%const(bool:true)%

In this example, both flags, GSB11_FEATURE_123_NEW_FEATURE and GSB11_OPTION_123_ENABLE_EXTENSION, are set to true. To disable a flag, change its value to false or delete the setting.

Feature Flag Truth Table

This table illustrates the behavior of feature flags in various states.

| Feature Flag State | Evaluated Value | Description |
| --- | --- | --- |
| featureFlag = true | true | The feature is explicitly enabled. |
| featureFlag = false | false | The feature is explicitly disabled. |
| featureFlag = '' | false | An empty value is treated as false. |
| featureFlag does not exist | false | A non-existent flag defaults to false. |

Usage in PHP Code

To use a feature flag in your PHP code, you can check the flag's value with the isFeatureEnabled() method of the Features class:

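use TYPO3\CMS\Core\Configuration\Features;
use TYPO3\CMS\Core\Utility\GeneralUtility;

// Returns false when the flag is disabled, empty or not defined
if (GeneralUtility::makeInstance(Features::class)->isFeatureEnabled('GSB11_FEATURE_123_NEW_FEATURE')) {
    echo 'Feature is enabled';

    // Feature-specific code goes here
}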

Usage in Fluid Templates

Feature flags can also be checked in your Fluid templates with TYPO3's Feature ViewHelper.

Basic usage

<f:feature name="GSB11_FEATURE_123_NEW_FEATURE">
   This is being shown if the flag is enabled
</f:feature>

Feature > then > else

<f:feature name="GSB11_OPTION_123_ENABLE_EXTENSION">
    <f:then>
        Flag is enabled
    </f:then>
    <f:else>
        Flag is undefined or not enabled
    </f:else>
</f:feature>

Current feature flags of gsb_csp

| Feature flag | Description |
| --- | --- |
| GSB11_OPTION_4119_INTEGRITY_BASED_CSP_HASHES | Enables this extension's functionality |
| GSB11_OPTION_618_BITV_TEST_TOOLS | Activate this option for BITV tests |

Usage

Nothing to do.

Contribute

As with TYPO3, we encourage you to join the project by submitting changes. Development of the GSB 11 happens mainly in the GSB 11 TYPO3 extension repositories.

To get started, have a look at our detailed contribution walkthrough.