@@ -66,7 +66,9 @@ call basis, by providing an optional second parameter to the adding method call.
6666Runtime Configuration
6767*********************
6868
69- If your application needs to make changes at run-time, you can access the instance at ``$this->response->getCSP() `` in your controllers. The
69+ If your application needs to make changes at run-time, you can access the instance at ``$this->response->getCSP() `` in your controllers.
70+
71+ The
7072class holds a number of methods that map pretty clearly to the appropriate header value that you need to set.
7173Examples are shown below, with different combinations of parameters, though all accept either a directive
7274name or an array of them:
@@ -76,12 +78,27 @@ name or an array of them:
7678The first parameter to each of the "add" methods is an appropriate string value,
7779or an array of them.
7880
81+ Report Only
82+ ===========
83+
7984The ``reportOnly() `` method allows you to specify the default reporting treatment
80- for subsequent sources, unless over-ridden. For instance, you could specify
85+ for subsequent sources, unless over-ridden.
86+
87+ For instance, you could specify
8188that youtube.com was allowed, and then provide several allowed but reported sources:
8289
8390.. literalinclude :: csp/013.php
8491
92+ .. _csp-clear-directives :
93+
94+ Clear Directives
95+ ================
96+
97+ If you want to clear existing CSP directives, you can use the ``clearDirective() ``
98+ method:
99+
100+ .. literalinclude :: csp/014.php
101+
85102**************
86103Inline Content
87104**************
0 commit comments