Project

General

Profile

Actions
Copy link

Bug #103939

closed

Allow using CSPs without Nonce-feature

Added by Patrick Schriner 6 months ago. Updated 6 months ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2024-05-28
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
easy
Is Regression:
Sprint Focus:

Description

It should be possible to write a middleware that adds frontend CSPs without nonces being required.

Forcing nonce usage has a serious performance implication as in fact every request has to be partially uncached

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #103942: nonce is rendered to the CSP Header although nonce has not been consumedClosedBenjamin Franzke2024-05-28

Actions
Actions
Copy link

Also available in: Atom PDF