Bug #100041
Closed
Unexpected warning in environment status check after new CSP default for svg files in resources root htaccess
100%
Description
The issue #93884 has been fixed with an updated CSP default for svg files in the resources (fileadmin) root .htaccess file.
...
# matching requested *.svg files only (allows using inline styles when serving SVG files)
<FilesMatch "\.svg">
    Header set Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'unsafe-inline'; object-src 'none';"
</FilesMatch>
...
This now leads to an unexpected warning in the environment status check:
Unexpected server response https://www.mysite.localhost/fileadmin/b1626f66.tmp/531f7264.svg: weak Content-Security-Policy for this location "default-src 'self'; script-src 'none'; style-src 'unsafe-inline'; object-src 'none';"
This could be irritating for an admin as this is the desired CSP for svg files. Maybe the server response check also needs to be updated.
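The report turns on whether `style-src 'unsafe-inline'` by itself makes a policy weak for a location that only serves SVG files. The following added example (not TYPO3's status check and not code from this issue) contrasts a hypothetical blanket rule with a directive-aware evaluation of the header quoted above. All function names are illustrative, and `script-src-elem` / `script-src-attr` are not considered.

```python
# Added illustration; not TYPO3's server response check.
# Header exactly as quoted in the report for the resources root .htaccess.
SVG_CSP = ("default-src 'self'; script-src 'none'; "
           "style-src 'unsafe-inline'; object-src 'none';")


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by browsers: the first one wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective(policy, directive):
    """Sources for a fetch directive, falling back to default-src."""
    return policy.get(directive, policy.get("default-src"))


def naive_is_weak(header):
    """Hypothetical blanket rule: any 'unsafe-inline' anywhere is weak."""
    return "'unsafe-inline'" in header.lower()


def svg_findings(header):
    """Directive-aware rule for an SVG-only location: script and object
    loading must resolve to 'none'; inline styles are tolerated."""
    policy = parse_csp(header)
    findings = []
    for directive in ("script-src", "object-src"):
        sources = effective(policy, directive)
        if sources is None:
            findings.append(f"{directive}: unrestricted (no default-src)")
        # An empty source list and the lone keyword 'none' both allow nothing.
        elif [s.lower() for s in sources] not in ([], ["'none'"]):
            findings.append(f"{directive}: allows {' '.join(sources)}")
    return findings


if __name__ == "__main__":
    print("blanket rule flags SVG policy:", naive_is_weak(SVG_CSP))
    print("directive-aware findings:", svg_findings(SVG_CSP))
```

The blanket rule flags the intended SVG policy, while the directive-aware rule only reports policies where script or object loading is still possible.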
Updated by Georg Ringer over 1 year ago
- Related to Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG files added
Updated by Gerrit Code Review over 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78005
Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78005
Updated by Gerrit Code Review over 1 year ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78005
Updated by Gerrit Code Review over 1 year ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78005
Updated by Gerrit Code Review over 1 year ago
Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78005
Updated by Gerrit Code Review over 1 year ago
Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78005
Updated by Gerrit Code Review over 1 year ago
Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78005
Updated by Gerrit Code Review over 1 year ago
Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78927
Updated by Gerrit Code Review over 1 year ago
Patch set 2 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78927
Updated by Gerrit Code Review over 1 year ago
Patch set 3 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78927
Updated by Oliver Hader over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 79a9f4778c96c3e51a37d9ff936c5c87176110c3.
Updated by Gerrit Code Review over 1 year ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79033
Updated by Oliver Hader over 1 year ago
- Status changed from Under Review to Resolved
Applied in changeset 59608545ef2eea4285cbab8eb0497d07a175f8a4.