Bug #103939
closed
Allow using CSPs without Nonce-feature
0%
Description
It should be possible to write a middleware that adds frontend CSPs without nonces being required.
Forcing nonce usage has a serious performance implication as in fact every request has to be partially uncached
Updated by
Updated by Gerrit Code Review 6 months ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/84433
Updated by Gerrit Code Review 6 months ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/84433
Updated by Benjamin Franzke 6 months ago
- Related to Bug #103942: nonce is rendered to the CSP Header although nonce has not been consumed added
Updated by Gerrit Code Review 6 months ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/84433
Updated by Gerrit Code Review 6 months ago
Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/84433
Updated by Gerrit Code Review 6 months ago
Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/84433
Updated by Benjamin Franzke 6 months ago
- Status changed from Under Review to Rejected
Should be fixed via #103942.