Bug #100621
closed
Epic #87417: Integrate proper Content Security Policy (CSP) handling
CSP: Reduce a directive by a URL in csp.yaml is not working
100%
Description
Given the following snippet in a csp.yaml:
inheritDefault: true
mutations:
- mode: reduce
directive: 'frame-src'
sources:
- "*.vimeo.com"
This should remove the default source "*.vimeo.com", but it does not.
The problem seems to lie in the SourceCollection->without() method: Here two UriValue objects are compared via in_array which returns false (and negate to true). So the source is kept.
Updated by Chris Müller about 1 year ago
- Related to Feature #99499: Introduce Content Security Policy handling added
Updated by Chris Müller about 1 year ago
- Subject changed from CSP: Reduce a directive by an URL in csp.yaml is not working to CSP: Reduce a directive by a URL in csp.yaml is not working
Updated by Gerrit Code Review about 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78712
Updated by Gerrit Code Review about 1 year ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78712
Updated by Oliver Hader about 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset e21164890c62c3d53c38846d9003412cfce360b3.