Advertising sustains the DA. Ads are hidden for members. Join today

Content-Security-Policy

Compatibility of top Contrib modules

Last updated on
24 June 2022

This documentation needs work. See "Help improve this page" in the sidebar.

Module Compatibility Notes
Drupal Core CKEditor, Modernizr, and Drupal AJAX require 'unsafe-inline' exceptions #2789139: [upstream] CSP requires 'unsafe-inline' because of CKEditor 4
#2848401: [upstream] Modernizr prevents strict CSP
#3100151: Adding JS/CSS assets in AJAX responses requires 'unsafe-inline' Content Security Policy
Admin Toolbar
CAPTCHA
Chaos Tool Suite (ctools)
Configuration Update Manager
Crop API
Devel
Entity API
Entity Browser
Entity Embed
Entity Reference Revisions
Embed
Field Group
Google Analytics ❌ requires script-src 'unsafe-inline'

#2890438: Clean way to avoid inline js?

#3276807: Include Google Analytics script in separate file

Googalytics is a CSP-compatible alternative
Inline Entity Form
Mail System
Media Entity
Metatag
Paragraphs
Pathauto
Redirect
Search API
Simple XML Sitemap
Token
Video Embed Field
Webform

Help improve this page

Page status: Needs work

You can: