Project

General

Profile

Actions
Copy link

Bug #100446

closed

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Feature #99499: Introduce Content Security Policy handling

Add youtube-nocookie.com to static CSP declarations

Added by Oliver Hader about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Should have
Assignee:
Oliver Hader
Category:
Security
Target version:
12 LTS
Start date:
2023-04-04
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

  • TYPO3 backend
  • introduction-package installed
  • visit Web → View Module
  • select /Congratulations/Content Examples/Media/ (46) in page tree

Refused to frame 'https://www.youtube-nocookie.com/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

Actions
Copy link
 #1

Updated by Gerrit Code Review about 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78459

Actions
Copy link
 #2

Updated by Oliver Hader about 1 year ago

  • Parent task set to #99499
Actions
Copy link
 #3

Updated by Oliver Hader about 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF