Bug #34203
closed
Images from ter-hoster break SSL address-bar in the browsers + CSP
100%
Description
Normal i have a secure connection in backend, but images from ter-hoster are http from typo3.
typo3 has also https.
Because of the frames and ajax the address-bar won't be restored in SSL design.
I know SSL is still active, but somebody else maybe don't know it.
CSP Mozilla/Webkit:
The next problem, if you use CSP and say no external images and frames....
https://wiki.mozilla.org/Security/CSP
Maybe add images in typo3 package or load it with php and save it in typo3temp.
Updated by Gerrit Code Review over 12 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/9170
Updated by Georg Ringer over 12 years ago
i did a patch to enforce ssl, however having those images local isn't a one liner, so no patch for that... as there need to be thought about how to update those images, ....
Updated by Gerrit Code Review over 12 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/9170
Updated by Gerrit Code Review over 12 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/9170
Updated by Gerrit Code Review over 12 years ago
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/9437
Updated by Gerrit Code Review over 12 years ago
Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/9438
Updated by Gerrit Code Review over 12 years ago
Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/9439
Updated by Georg Ringer over 12 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset fd61d5f58650dd3799e903c9a3b364e117802be6.
Updated by