I have turned Content Security Policy on in my App.php config file which works fine across all pages of my site. Except I am running a security scanner which detects that on 404 pages it isn't running.
Is there a setting in Codeigniter 4 I need to turn on so that CSP is enabled on 404 pages?
It turns out if you define your own 404 handler then this problem is automatically resolved.
The solution is to therefore adjust the following in your Config\Routes.php
$routes->set404Override('\App\Controllers\Site::error404');
Then in your controller create a 404 handling function (I called mine error404). However what is strange is you must echo your view and not return it. Not quite sure why but that fixed my problem.