Project

General

Profile

Actions

Feature #101580

closed

Add feature flag to enable CSP ReportOnly mode

Added by Sascha Nowak about 1 year ago. Updated 16 days ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Content Security Policy
Target version:
-
Start date:
2023-08-04
Due date:
% Done:

100%

Estimated time:
PHP Version:
Tags:
Complexity:
easy
Sprint Focus:

Description

Since version 13 the backend CSP is enabled by default. The feature flag that is introduced in version 12 is now always active.
It would be great to have the possibility to put the frontend in report only mode to collect data before rolling out the CSP.

To archive this I would introduce another feature flag `security.frontend.contentSecurityPolicyReportOnly`.


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Feature #104470: CSP - Report-Only modeClosedOliver Hader2024-07-24

Actions
Related to TYPO3 Core - Task #104549: Activation of CSP headers for frontend per site in multidomain installationClosed2024-08-05

Actions
Actions

Also available in: Atom PDF