Project

General

Profile

Actions

Task #100906

open

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Feature #99499: Introduce Content Security Policy handling

Handle CSP violations in browser extensions

Added by Oliver Hader over 1 year ago. Updated 5 months ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Content Security Policy
Target version:
-
Start date:
2023-05-20
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

General

Payloads

{"blocked-uri":"inline","column-number":9,"disposition":"enforce","document-uri":"https:\/\/indiemusik-festival.de\/events\/festival-2023","effective-directive":"script-src-elem","line-number":33,"original-policy":"frame-src 'self' https:\/\/*.youtube-nocookie.com https:\/\/*.youtube.com https:\/\/*.vimeo.com https:\/\/instagram.com https:\/\/*.instagram.com; img-src 'self' https:\/\/*.ytimg.com https:\/\/*.vimeocdn.com data: https:\/\/instagram.com https:\/\/*.instagram.com; default-src 'self'; script-src 'self' 'nonce-XnDPuvTcc38QsmBT2aH5OLzK1Vv1G9l_HZZ-sioaqjJmVB2lpp7RXg' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; object-src 'none'; base-uri 'none'; style-src 'self' 'report-sample'; connect-src 'self' https:\/\/analytics.in-die-musik.de; script-src-elem 'self' 'nonce-XnDPuvTcc38QsmBT2aH5OLzK1Vv1G9l_HZZ-sioaqjJmVB2lpp7RXg' https:\/\/analytics.in-die-musik.de 'report-sample'; font-src 'self' data:; media-src 'self' https:\/\/cloud.in-die-musik.de; report-uri https:\/\/indiemusik-festival.de\/@http-reporting?csp=report&requestTime=1684526938506325","referrer":"","script-sample":"(function (NAVIGATOR, OBJECT) {\n\n    if \u2026","source-file":"moz-extension","status-code":200,"violated-directive":"script-src-elem"}

"source-file":"moz-extension"
→ payload (function (NAVIGATOR, OBJECT) { if
→ trigger https://github.com/EFForg/privacybadger/blob/ef6a2b38b2550e8805076b072645367c4e044a79/src/js/contentscripts/dnt.js#L23


...


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #101887: Javascript error for each module visited on the backendClosed2023-09-09

Actions
Actions #1

Updated by Oliver Hader over 1 year ago

  • Tracker changed from Feature to Task
  • TYPO3 Version set to 12
Actions #2

Updated by Oliver Hader over 1 year ago

  • Category set to Security
Actions #3

Updated by Oliver Hader over 1 year ago

  • Description updated (diff)
Actions #4

Updated by Oliver Hader over 1 year ago

  • Description updated (diff)
Actions #5

Updated by Oliver Hader about 1 year ago

  • Related to Bug #101887: Javascript error for each module visited on the backend added
Actions #6

Updated by Oliver Hader about 1 year ago

  • Description updated (diff)
Actions #7

Updated by Georg Ringer 5 months ago

  • Category changed from Security to Content Security Policy
Actions

Also available in: Atom PDF