Fountain

Security

Fountain ships with a few default settings that harden the site and protect both your foundry and your customers.

Core Security Measures

  • Require HTTPS - All traffic is encrypted to protect sensitive customer data and font files
  • Input Sanitization - All user input is sanitized, including cart items, login credentials, and form submissions
  • Content Security Policy (CSP) - The default policy only allows content from 'self' and Paddle (for payments), which mitigates XSS attacks. It can be modified via config
  • Nonce-based Script Security - Inline scripts require a nonce to execute: <script nonce="<?= $site->cspNonce() ?>">

Working with Nonces

Basic Usage

Each page load generates a fresh nonce that can be accessed via <?= $site->cspNonce() ?>. Because the browser only executes inline scripts that carry the current nonce, injected scripts are blocked while your legitimate inline scripts still run.

With Kirby Helpers

For JavaScript files loaded via Kirby's js() helper, pass the nonce as an attribute:

<?= js('/path/to/file.js', ['nonce' => $site->cspNonce()]) ?>

Inline Script Example

<script nonce="<?= $site->cspNonce() ?>">
  // Your inline JavaScript code
  console.log('This script will execute safely');
</script>

Customizing Content Security Policy

Including Third-party Domains

If you need to load resources from trusted external sources (like CDNs or analytics), you can modify the CSP config. Add only the specific origins you actually use, since every entry extends what the browser will trust:

// site/config/config.php
return [
  'fountain.csp.scriptSrc' => [
    "'self'",
    "'nonce-{nonce}'",
    'https://cdn.jsdelivr.net',
    'https://fonts.googleapis.com'
  ],
  'fountain.csp.styleSrc' => [
    "'self'",
    "'unsafe-inline'", // Often needed for web fonts
    'https://fonts.googleapis.com'
  ]
];
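To make the nonce and {nonce} placeholder mechanism concrete, here is a standalone PHP script (an added example, not Fountain's code and not using Kirby's API) that generates a per-request nonce, assembles the Content-Security-Policy header from option keys shaped like the config above, switches to the report-only header when fountain.csp.reportOnly is set, and runs a few sanity checks on the policy. The option-to-directive mapping, the function names and the {nonce} substitution step are assumptions about how such a header is built; the option keys mirror the ones shown on this page.

```php
<?php
// csp-example.php: standalone illustration of how a nonce-based CSP header is assembled.
// Added example; it is not Fountain's code and does not use Kirby's API.
// The option keys mirror site/config/config.php above; the function names,
// the key-to-directive mapping and the {nonce} substitution are assumptions.
// Requires PHP 8 (str_starts_with).

declare(strict_types=1);

// One nonce per request: 16 random bytes, base64-encoded, as CSP requires.
function cspGenerateNonce(int $bytes = 16): string
{
    return base64_encode(random_bytes($bytes));
}

// Assumed mapping of Fountain-style option keys onto CSP directive names.
const CSP_DIRECTIVES = [
    'fountain.csp.defaultSrc' => 'default-src',
    'fountain.csp.scriptSrc'  => 'script-src',
    'fountain.csp.styleSrc'   => 'style-src',
    'fountain.csp.fontSrc'    => 'font-src',
    'fountain.csp.imgSrc'     => 'img-src',
    'fountain.csp.connectSrc' => 'connect-src',
];

// Build the policy string, replacing the {nonce} placeholder with this request's nonce.
function cspBuildPolicy(array $options, string $nonce): string
{
    $parts = [];
    foreach (CSP_DIRECTIVES as $key => $directive) {
        if (empty($options[$key])) {
            continue;
        }
        $sources = array_map(
            fn (string $src): string => str_replace('{nonce}', $nonce, $src),
            $options[$key]
        );
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

// Report-only logs violations in the browser console instead of blocking.
function cspHeaderName(array $options): string
{
    return ($options['fountain.csp.reportOnly'] ?? false)
        ? 'Content-Security-Policy-Report-Only'
        : 'Content-Security-Policy';
}

// Checks a developer would want before deploying a customised policy.
function cspLint(array $options): array
{
    $warnings = [];
    $script   = $options['fountain.csp.scriptSrc'] ?? [];
    if (in_array("'unsafe-inline'", $script, true)) {
        // Browsers that understand nonces ignore 'unsafe-inline' in script-src anyway;
        // listing it only weakens the policy for browsers that do not.
        $warnings[] = "script-src contains 'unsafe-inline'; rely on the nonce instead";
    }
    if (!in_array("'nonce-{nonce}'", $script, true)) {
        $warnings[] = "script-src has no 'nonce-{nonce}' entry; nonced inline scripts will be blocked";
    }
    foreach (CSP_DIRECTIVES as $key => $directive) {
        foreach ($options[$key] ?? [] as $src) {
            if ($src === '*' || str_starts_with($src, 'http:')) {
                $warnings[] = "$directive allows $src; restrict it to specific https origins";
            }
        }
    }
    return $warnings;
}

// Constructed options matching the config example above.
$options = [
    'fountain.csp.scriptSrc'  => ["'self'", "'nonce-{nonce}'", 'https://cdn.jsdelivr.net'],
    'fountain.csp.styleSrc'   => ["'self'", "'unsafe-inline'", 'https://fonts.googleapis.com'],
    'fountain.csp.fontSrc'    => ["'self'"],
    'fountain.csp.reportOnly' => false,
];

$nonce  = cspGenerateNonce();
$policy = cspBuildPolicy($options, $nonce);

// In a real request the header must be sent before any output, e.g. via header().
echo cspHeaderName($options) . ': ' . $policy . PHP_EOL;
echo 'Inline scripts on this page need: <script nonce="' . htmlspecialchars($nonce) . '">' . PHP_EOL;
foreach (cspLint($options) as $warning) {
    echo 'warning: ' . $warning . PHP_EOL;
}
```

Run it with php csp-example.php; each run prints a different nonce, which is the point: a nonce that is reused across requests, or that is predictable, gives an attacker a value they can reproduce, so it must come from a CSPRNG such as random_bytes() and be generated once per request.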

Common CSP Directives for Type Foundries

  • font-src - Control where web fonts can be loaded from
  • img-src - Manage image sources (important for specimen images)
  • connect-src - Control AJAX requests (useful for cart updates)

File Protection

Font File Security

  • Font files are served through Kirby's routing system, allowing for access control
  • Digital rights management can be implemented at the route level
  • Download tracking and limitations can be enforced
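The three points above describe what route-level serving makes possible. As an added example (not Fountain's own route), the following Kirby route in site/config/config.php gates font downloads behind a logged-in user, checks the requested file name, verifies the user has purchased that font, logs the download, and only then streams the file. The storage directory outside the web root, the comma-separated "fonts" field on the user account, the /login path and the log file name are assumptions; the Kirby classes and methods used (App, Response, F, user fields) are Kirby's own.

```php
<?php
// site/config/config.php (excerpt): a route that gates font downloads.
// Added example, not Fountain's own route. Assumed: fonts live in a
// storage/fonts directory next to the web root, each user has a
// comma-separated "fonts" field listing purchased file names, and a
// /login page exists. Requires Kirby 3.6+ (Kirby\Filesystem\F).

use Kirby\Cms\App;
use Kirby\Filesystem\F;
use Kirby\Http\Response;

return [
    'routes' => [
        [
            'pattern' => 'download/fonts/(:any)',
            'action'  => function (string $file) {
                $kirby = App::instance();
                $user  = $kirby->user();

                // Only authenticated customers may download anything.
                if ($user === null) {
                    return Response::redirect('/login', 302);
                }

                // Accept only a plain font file name: no path separators, known extensions.
                if ($file !== basename($file)
                    || !preg_match('/^[A-Za-z0-9._-]+\.(woff2?|otf|ttf)$/', $file)) {
                    return new Response('Not found', 'text/plain', 404);
                }

                // Assumed purchase record: the user's "fonts" field lists allowed files.
                $purchased = $user->fonts()->split(',');
                if (!in_array($file, $purchased, true)) {
                    return new Response('Forbidden', 'text/plain', 403);
                }

                // Assumed storage root outside the web root, so direct URLs cannot reach it.
                $path = dirname($kirby->root('index')) . '/storage/fonts/' . $file;
                if (!F::exists($path)) {
                    return new Response('Not found', 'text/plain', 404);
                }

                // Download tracking: one line per download in site/logs/downloads.log,
                // which is what the "unusual download patterns" check below can read.
                F::append(
                    $kirby->root('logs') . '/downloads.log',
                    date('c') . ' ' . $user->email() . ' ' . $file . "\n"
                );

                return Response::download($path, $file);
            }
        ]
    ]
];
```

The order of the checks matters: authentication first, then input validation, then authorization, then the filesystem lookup, so that an unauthenticated request learns nothing about which files exist and a logged-in customer cannot probe for fonts they have not bought.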

Customer Data Protection

  • Customer information is stored securely in Kirby's content structure
  • Purchase history and download access are protected by authentication
  • Payment processing is handled by Paddle (PCI compliant)

Best Practices

For Developers

  1. Always use the provided nonce for any custom inline scripts
  2. Test CSP changes thoroughly - overly restrictive policies can break functionality, so check the browser console for violation reports after each change
  3. Keep Kirby and Fountain updated for security patches
  4. Use environment variables for sensitive configuration

For Foundry Owners

  1. Regular backups of your content and customer data
  2. Monitor for unusual download patterns or access attempts
  3. Keep your server environment updated
  4. Use strong passwords and enable two-factor authentication where possible

Development vs Production

In development, you might want to relax some CSP rules for easier debugging:

// site/config/config.localhost.php (development only)
return [
  'fountain.csp.reportOnly' => true, // Log violations instead of blocking
  'debug' => true
];

Remember to never deploy development configs to production.