Bug #100621: CSP: Reduce a directive by a URL in csp.yaml is not working - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #100621

closed

Epic #87417: Integrate proper Content Security Policy (CSP) handling

CSP: Reduce a directive by a URL in csp.yaml is not working

Added by Chris Müller over 1 year ago. Updated 5 months ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Target version:

12 LTS

Start date:

2023-04-16

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Given the following snippet in a csp.yaml:

inheritDefault: true
mutations:
  - mode: reduce
    directive: 'frame-src'
    sources:
      - "*.vimeo.com"

This should remove the default source "*.vimeo.com", but it does not.

The problem seems to lie in the SourceCollection->without() method: Here two UriValue objects are compared via in_array which returns false (and negate to true). So the source is kept.

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #100621

CSP: Reduce a directive by a URL in csp.yaml is not working

Updated by Chris Müller over 1 year ago

Updated by Chris Müller over 1 year ago

Updated by Gerrit Code Review over 1 year ago

Updated by Gerrit Code Review over 1 year ago

Updated by Oliver Hader over 1 year ago

Updated by Benni Mack 5 months ago