Deploy different Content Security Policies (CSPs) using Apache conditional statements

Having a strict content Content Security Policy (CSP) can be a useful addition for your website security. However, when running a content management system (CMS) like WordPress, you’re often forced to make a few a undesired compromises.

To work around the problem, I previously had two different policies available within my virtual host configuration that I toggled on and off (by hand) depending on whether I needed to use the dashboard or not. Imagine how much simpler life would be if Apache could work with if/else statements.

Continue reading