Actions
Bug #100904
openEpic #87417: Integrate proper Content Security Policy (CSP) handling
Feature #99499: Introduce Content Security Policy handling
Fallback to script-src and style-src
Start date:
2023-05-20
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
Using CSP in the wild still shows several browsers not supporting the -attr
or -elem
(CSP level 3) variants of script-src
and style-src
(CSP level 1). Therefore it seems to be required, to introduce an internal merge/fall-back possibility, but still keeping the specific -attr
or -elem
declarations for the future.
Thus, when instructed, the -attr
or -elem
declarations shall be merged into their parent script-src
and style-src
directives. The instruction might be different for each scope (backend, frontend, frontend-site).
Actions