Bug #103640: CSP: default-src: 'none' is inherited to other directives - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #103640

open

CSP: default-src: 'none' is inherited to other directives

Added by Chris Müller 7 months ago.

Status:

New

Priority:

Should have

Assignee:

Oliver Hader

Category:

Content Security Policy

Target version:

Candidate for patchlevel

Start date:

2024-04-16

Due date:

% Done:

Estimated time:

TYPO3 Version:

PHP Version:

8.3

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Using this configuration:

inheritDefault: false

mutations:
  - mode: set
    directive: 'default-src'
    sources:
      - "'none'" 

  - mode: extend
    directive: "child-src" 
    sources:
      - "'self'"

results in this output:

default-src 'none'; child-src 'none' 'self'

The 'none' in "child-src" is obviously wrong.

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #103640

CSP: default-src: 'none' is inherited to other directives