The Joomla Training Cohort has been launched!

Please send any feedback or bug reports to [email protected]

I've got some catch-up work to do around security headers so watch me while I work.

00:00:00 - Introduction Revisiting Security Headers & Joomla Training Cohort Preview
00:06:26 - Security Headers Implementation
00:31:44 - Technical Debugging
01:18:58 - Joomla-Specific Fixes
01:29:51 - Cache & Headers Investigation
01:54:24 - Wrap-Up & Cohort Prep

✅ Summary

  1. Introduction & Setup Context
    The stream kicks off with a welcome, a shoutout to the sponsor MySites.Guru, and a fun weather update from the West Coast. Tim addresses feedback on stream style and highlights a recent DMARC tutorial.

  2. Security Headers Review Begins
    Focus shifts to security headers, checking for existing ones on a client site (Delta Beckwith). None are found in the .htaccess, prompting a walkthrough of adding default headers.

  3. Implementing & Debugging Content Security Policy (CSP)
    Tim adds an initial CSP configuration but runs into issues with blocked resources. The iterative nature of CSP setup becomes evident as domains like js.hsforms.net and Google resources are incrementally whitelisted.

  4. Using Tools like CSP Generator Extension
    He installs and tests the CSP Generator Chrome extension, attempting to collect all necessary resources. Inline scripts and styles prove tricky, especially when Notepad visibility causes sharing hiccups.

  5. Syntax Errors & Browser Cache Challenges
    Troubleshooting reveals CSP syntax issues (e.g., the placement of "frame-ancestors"). Cache problems in Brave, Chrome, and even Tor create hurdles in validating changes.

  6. ChatGPT Helps Debug CSP Directives
    Tim consults ChatGPT several times to spot and correct errors in the CSP setup. Eventually, the "frame-ancestors" issue and domain typos are resolved.

  7. Form & GIF Image Load Issues
    After multiple adjustments, the HubSpot form loads but GIFs remain blocked. Investigation leads to identifying browser cache behavior and server-related issues.

  8. Fixing Link & Redirect Problems
    The contact form's link doesn’t work without "www". Tim tracks this down to a hardcoded link and incorrect redirect settings in cPanel. DNS and caching are also checked.

  9. Exploring "Clear Site Data" Header
    There's a deep dive into this privacy-related header. Its correct syntax and implications are discussed with input from Brent and users in the chat.

  10. Final CSP Adjustments & Success
    A cleaner CSP configuration emerges through trial and error. Removing problematic directives (like no-transform) results in GIFs loading properly, and Tim wraps up after a successful CSP implementation journey.
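The workflow described in items 2 to 10 (default headers, a CSP built up source by source, and a correctly quoted Clear-Site-Data header) can be expressed as one .htaccess block. The following is an added example, not the configuration from the stream or from the client site; it assumes Apache 2.4 with mod_headers and mod_setenvif enabled, and the Google Tag Manager and forms.hsforms.com hostnames, as well as the /logout path, are assumptions used for illustration (the stream only names js.hsforms.net).

```apache
# Added example (not the stream's own .htaccess): baseline security headers for a
# Joomla site on Apache 2.4. Hostnames other than js.hsforms.net and the /logout
# path are assumptions for illustration.
<IfModule mod_headers.c>
    # Hardening headers that almost never break a site. "always" makes them
    # apply to error responses too, not only to 2xx pages.
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
    # Only enable HSTS once every subdomain is reachable over HTTPS.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    # Step 1 of the iterative CSP workflow: Report-Only blocks nothing and logs
    # every violation to the browser console, so missing sources can be added
    # without breaking the live site. Directives are separated by semicolons;
    # frame-ancestors must be sent in a header (it is ignored in a <meta> tag).
    Header always set Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' https://js.hsforms.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; frame-src https://forms.hsforms.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://forms.hsforms.com"

    # Step 2: once the console stays quiet across the whole site, copy the same
    # value into the enforcing header and drop the Report-Only one.
    # Header always set Content-Security-Policy "...same value as above..."

    # Clear-Site-Data takes a comma-separated list of double-quoted tokens, so
    # the inner quotes must be escaped inside the Apache value string. Send it
    # only on the logout response; on ordinary pages it would wipe the cache
    # and cookies of every visitor on every request.
    SetEnvIf Request_URI "^/logout" CLEAR_SITE_DATA
    Header always set Clear-Site-Data "\"cache\", \"cookies\", \"storage\"" env=CLEAR_SITE_DATA
</IfModule>
```

Two practical notes. Inline scripts and styles are what usually keep a CSP in Report-Only mode: 'unsafe-inline' on style-src is the common compromise for a CMS theme, while inline scripts should be moved to files or given nonces or hashes rather than allowed wholesale. And no-transform, which the stream removed before the GIFs loaded, is a Cache-Control directive rather than a CSP directive, so if it is wanted at all it belongs in a separate Cache-Control header, not in the CSP value.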

Please send any feedback or bug reports or queries to:

Contact Tim Davis ► [email protected]

Joomla Training Cohort ► https://cybersalt.com/jtc

JTC has been launched and is now accepting members ► https://cybersalt.com/services/subscriptions
mySites.guru ► https://mysites.guru
Backing Up Your Joomla Site with Akeeba ► https://www.youtube.com/watch?v=4Xu4o0g2-RY&t=0s
FOLLOW US ON X (TWITTER)! ► https://x.com/basicjoomla
LIKE US ON FACEBOOK! ► https://www.facebook.com/basicjoomla
SUBSCRIBE TO US ON YOUTUBE ► //www.youtube.com/@Basicjoomla

#basicjoomla

#cybersalt
