Project

General

Profile

Actions

Bug #104125

closed

CSP violation of Sitemap.xsl in XML sitemap

Added by Peter Kraume 5 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
SEO
Target version:
-
Start date:
2024-06-16
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
13
PHP Version:
8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The XML sitemap of EXT:seo contains a xml-stylesheet e.g. like this:

<?xml-stylesheet type="text/xsl" href="/_assets/984e6ee9829f85eb447bb6a36455204a/CSS/Sitemap.xsl"?>

When Content Security Policy is enabled for the frontend, the browser console issues an error:

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src-elem 'self' 'nonce-5SQacQND6pnXGXg2TxtAJVRyTvzSUddSm8lSmcx5XL7xTh7STYnqLA' 'report-sample'". Either the 'unsafe-inline' keyword, a hash ('sha256-d0ax6zoVJBeBpy4l3O2FJ6Y1L4SalCWw2x62uoJH15k='), or a nonce ('nonce-...') is required to enable inline execution.


Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #103149: CSP prevents sitemap.xml inline CSS stylesResolved2024-02-19

Actions
Actions

Also available in: Atom PDF