Project

General

Profile

Actions
Copy link

Bug #100456

closed

Don't report AdminPanel usages to CSP

Added by Daniel Siepmann over 1 year ago. Updated 5 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2023-04-05
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I guess this relates to the usage of symfony var dumper for "Events" tab within "Debug" panel.

Steps to reproduce:

  1. Enable CSP feature toggle for frontend
  2. Install Admin Panel
  3. Enable Admin Panel for User in Frontend
  4. Open Admin Panel (It won't do anything without being opened / toggled)
  5. Open CSP Backend Module, it should have three entries

Files

Download all files
clipboard-202304050939-k2gei.png (74 KB) clipboard-202304050939-k2gei.png Daniel Siepmann, 2023-04-05 07:39
100456-fine.png (837 KB) 100456-fine.png Oliver Hader, 2023-05-19 06:15

Related issues 2 (1 open1 closed)

Related to TYPO3 Core - Feature #99499: Introduce Content Security Policy handlingUnder ReviewOliver Hader2023-03-01

Actions
Has duplicate TYPO3 Core - Bug #101169: Admin panel does not allow usage of "nonce"Closed2023-06-26

Actions
Actions
Copy link
 #1

Updated by Daniel Siepmann over 1 year ago

  • Related to Feature #99499: Introduce Content Security Policy handling added
Actions
Copy link
 #2

Updated by Oliver Hader over 1 year ago

  • Status changed from New to Needs Feedback

window.Sfdump does not seem to be a TYPO3 core component (I could not find it in the sources).
Could you please find out, where this is coming from?

Actions
Copy link
 #3

Updated by Daniel Siepmann over 1 year ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Gerrit Code Review over 1 year ago

  • Status changed from Needs Feedback to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #5

Updated by Oliver Hader over 1 year ago

I've create a PoC change - which does not work, since Symfony is using inline scripts like innerHTML = whatever, which needs to be fixed first (on Symfony's side).

e.g. https://github.com/symfony/var-dumper/blob/6.2/Dumper/HtmlDumper.php#L160

Actions
Copy link
 #6

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #7

Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #9

Updated by Gerrit Code Review over 1 year ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #10

Updated by Gerrit Code Review over 1 year ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #11

Updated by Oliver Hader over 1 year ago

This should be working now, the upcoming release of symfony/var-dumper v6.3 includes this change.

Actions
Copy link
 #12

Updated by Gerrit Code Review over 1 year ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #13

Updated by Gerrit Code Review over 1 year ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #14

Updated by Gerrit Code Review over 1 year ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #15

Updated by Gerrit Code Review over 1 year ago

Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #16

Updated by Gerrit Code Review over 1 year ago

Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #17

Updated by Gerrit Code Review over 1 year ago

Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #18

Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79204

Actions
Copy link
 #19

Updated by Gerrit Code Review over 1 year ago

Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78512

Actions
Copy link
 #20

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79204

Actions
Copy link
 #21

Updated by Oliver Hader over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #22

Updated by Oliver Hader over 1 year ago

  • Has duplicate Bug #101169: Admin panel does not allow usage of "nonce" added
Actions
Copy link
 #23

Updated by Benni Mack 5 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF