Bug #100904

open

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Feature #99499: Introduce Content Security Policy handling

Fallback to script-src and style-src

Added by Oliver Hader 11 months ago. Updated 9 months ago.

Status: New
Priority: Should have
Assignee:
Category: Security
Target version: -
Start date: 2023-05-20
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Using CSP in the wild still shows that several browsers do not support the -attr or -elem (CSP level 3) variants of script-src and style-src (CSP level 1). Therefore, it seems to be required to introduce an internal merge/fall-back possibility, while still keeping the specific -attr or -elem declarations for the future.

Thus, when instructed, the -attr or -elem declarations shall be merged into their parent script-src and style-src directives. The instruction might be different for each scope (backend, frontend, frontend-site).

Actions #1

Updated by Oliver Hader 11 months ago

  • Description updated (diff)
Actions #2

Updated by Oliver Hader 9 months ago

  • Description updated (diff)
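The merge described in the ticket, sketched as an added example that is not TYPO3 code or API: `mergeIntoParent()` and the array-based policy shape are hypothetical, the sample policy is constructed, and seeding an absent parent from default-src is an assumption of this sketch.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not TYPO3 API): merge CSP level 3 -elem/-attr sources
 * into their parent directive. $policy maps directive name => source list.
 * Returns [mergedPolicy, warnings]; the -elem/-attr entries are kept.
 */
function mergeIntoParent(array $policy, array $parents = ['script-src', 'style-src']): array
{
    $warnings = [];
    foreach ($parents as $parent) {
        $children = array_filter([$policy[$parent . '-elem'] ?? null, $policy[$parent . '-attr'] ?? null]);
        if ($children === []) {
            continue; // nothing specific declared, parent stays untouched
        }
        // Assumption: an absent parent is seeded from default-src, which is what
        // a browser without -elem/-attr support would have evaluated instead.
        $merged = $policy[$parent] ?? $policy['default-src'] ?? [];
        foreach ($children as $sources) {
            $merged = array_merge($merged, $sources);
        }
        $merged = array_values(array_unique($merged));
        // 'none' is only valid as the sole expression of a directive.
        if (count($merged) > 1) {
            $merged = array_values(array_diff($merged, ["'none'"]));
        }
        // With a nonce or hash present, CSP level 2+ browsers ignore 'unsafe-inline'.
        $hasNonceOrHash = preg_grep("/^'(nonce|sha(256|384|512))-/", $merged) !== [];
        if ($hasNonceOrHash && in_array("'unsafe-inline'", $merged, true)) {
            $warnings[] = $parent . ": 'unsafe-inline' is ignored next to a nonce/hash";
        }
        $policy[$parent] = $merged;
    }
    return [$policy, $warnings];
}

// Constructed sample policy for a single scope.
$policy = [
    'default-src' => ["'self'"],
    'script-src-elem' => ["'self'", "'nonce-abc123'"],
    'script-src-attr' => ["'unsafe-inline'"],
    'style-src' => ["'none'"],
    'style-src-attr' => ["'unsafe-inline'"],
];
[$merged, $warnings] = mergeIntoParent($policy);
foreach ($merged as $name => $sources) {
    echo $name . ' ' . implode(' ', $sources) . ";\n";
}
echo implode("\n", $warnings) . "\n";
```

The merged parent is the union of all three source lists, so a browser that only reads style-src here receives 'unsafe-inline' for `<style>` elements as well as attributes. The script-src warning marks the opposite case, where inline event handlers stay blocked in browsers that honor the nonce but not script-src-attr.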