Project

General

Profile

Actions

Bug #100621

closed

Epic #87417: Integrate proper Content Security Policy (CSP) handling

CSP: Reduce a directive by a URL in csp.yaml is not working

Added by Chris Müller over 1 year ago. Updated 4 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
Start date:
2023-04-16
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Given the following snippet in a csp.yaml:

inheritDefault: true
mutations:
  - mode: reduce
    directive: 'frame-src'
    sources:
      - "*.vimeo.com" 

This should remove the default source "*.vimeo.com", but it does not.

The problem seems to lie in the SourceCollection->without() method: Here two UriValue objects are compared via in_array which returns false (and negate to true). So the source is kept.


Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Feature #99499: Introduce Content Security Policy handlingUnder ReviewOliver Hader2023-03-01

Actions
Actions #1

Updated by Chris Müller over 1 year ago

  • Related to Feature #99499: Introduce Content Security Policy handling added
Actions #2

Updated by Chris Müller over 1 year ago

  • Subject changed from CSP: Reduce a directive by an URL in csp.yaml is not working to CSP: Reduce a directive by a URL in csp.yaml is not working
Actions #3

Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78712

Actions #4

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/78712

Actions #5

Updated by Oliver Hader over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #6

Updated by Benni Mack 4 months ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF