Task #100887
open
Allow remote proxies to handle CSP nonce values
Added by Oliver Hader about 1 year ago. Updated about 1 month ago.
0%
Description
→ find examples at https://scotthelme.co.uk/csp-nonces-the-easy-way-with-cloudflare-workers/
Find a way that e.g. uses a static nonce value, e.g. <script src="..." nonce="[[nonce-placeholder]]"> which will be substituted by a remote proxy server (nginx, CloudFlare, ...). In addition, that proxy server would have to take care of adjusting the CSP HTTP headers as well.
Updated by Torben Hansen about 1 year ago
Benjamin Franzke found this https://serverfault.com/a/1064775 discussion. So in conclusion, a cached nonce may not be a general problem for the CSP
Updated by Oliver Hader about 1 year ago
Torben Hansen wrote in #note-4:
Benjamin Franzke found this https://serverfault.com/a/1064775 discussion. So in conclusion, a cached
noncemay not be a general problem for the CSP
As long as the nonce changes when the content is changed, this is okay.
However for TYPO3 USER_INT or COA_INT it is unknown, which content has been served previously. I think having a few examples and documentation for dynamic workers on CloudFlare or Varnish would be a good thing.
Updated by Gerrit Code Review 11 months ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 11 months ago
Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 17 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 18 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 19 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 20 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 21 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 22 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 23 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 24 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 9 months ago
Patch set 25 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 8 months ago
Patch set 26 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 7 months ago
Patch set 27 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Gerrit Code Review 7 months ago
Patch set 28 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80554
Updated by Oliver Hader 3 months ago
- Related to Bug #103149: CSP prevents sitemap.xml inline CSS styles added
Updated by Georg Ringer about 1 month ago
- Category changed from Security to Content Security Policy