Hi! I have a problem ((
Where did you check your app with ZAP? ZAP - do you mean the Zscaler application?
Hey everyone,
I ran a security test on my Laravel app using ZAP, and the results flagged several CSP-related issues:
| Alert Type | Risk | Count |
|---|---|---|
| CSP: Wildcard Directive | Medium | 9 (52.9%) |
| CSP: script-src unsafe-eval | Medium | 5 (29.4%) |
| CSP: script-src unsafe-inline | Medium | 5 (29.4%) |
| CSP: style-src unsafe-inline | Medium | 5 (29.4%) |
From my understanding, these issues stem from loose Content Security Policy rules, particularly allowing unsafe-eval, unsafe-inline, and wildcard directives.
I'm wondering if using the spatie/laravel-csp package can help mitigate these vulnerabilities. Has anyone successfully used this package to tighten CSP rules and resolve similar issues?
If so, what configuration settings did you use?
Any guidance would be appreciated! 🚀
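To see what the four ZAP alert types above actually match against, here is a small Python audit of a Content-Security-Policy header, run over a constructed loose policy and a constructed nonce-based tightened one. This is an added example, not code from ZAP or from spatie/laravel-csp; the header strings, the nonce value and the treatment of bare scheme sources such as `https:` as wildcards are this example's own assumptions.

```python
"""Audit a Content-Security-Policy header for wildcard, unsafe-inline and unsafe-eval."""
import re
from typing import Dict, List, Optional

# Fetch directives that fall back to default-src when they are absent.
FETCH_DIRECTIVES = ("script-src", "style-src", "img-src", "connect-src", "font-src",
                    "object-src", "media-src", "frame-src", "worker-src", "manifest-src")
# Assumption of this example: a bare scheme source ("https:", "data:") counts as a wildcard.
SCHEME_ONLY = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.IGNORECASE)

# Constructed sample headers: a loose policy and a nonce-based tightened one.
LOOSE = "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'"
STRICT = ("default-src 'self'; script-src 'self' 'nonce-r4nd0m'; style-src 'self' 'nonce-r4nd0m'; "
          "object-src 'none'; base-uri 'self'")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split "name src src; name src" into {name: [sources]}; keywords are lower-cased."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() if t.startswith("'") else t for t in tokens[1:]]
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Sources that really apply: the directive itself, else default-src, else None."""
    return policy.get(directive, policy.get("default-src"))


def audit_csp(header: str) -> List[str]:
    """Return one finding per loose setting, mirroring the ZAP alert types."""
    policy = parse_csp(header)
    findings: List[str] = []
    for directive in ("default-src",) + FETCH_DIRECTIVES:
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append(f"{directive}: no sources apply (absent and no default-src)")
            continue
        if any(s == "*" or SCHEME_ONLY.match(s) for s in sources):
            findings.append(f"{directive}: wildcard source")
        if directive == "script-src" and "'unsafe-eval'" in sources:
            findings.append("script-src: unsafe-eval")
        if directive in ("script-src", "style-src") and "'unsafe-inline'" in sources:
            findings.append(f"{directive}: unsafe-inline")
    return findings


if __name__ == "__main__":
    for label, header in (("loose", LOOSE), ("strict", STRICT)):
        print(label, audit_csp(header) or ["no findings"])
```

The tightened header replaces `'unsafe-inline'` with a per-response nonce; browsers that understand nonces ignore `'unsafe-inline'` in a directive that also carries a nonce or hash, so the nonce has to reach every inline `<script>` and `<style>` the app renders.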