Task #73047: Content-Security-Policy for the Backend - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Task #73047

closed

Content-Security-Policy for the Backend

Added by Peter Proell about 8 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Security

Target version:

Start date:

2016-01-31

Due date:

% Done:

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

There is still (7.6) CSP Issues in the backend (/typo3) and I am wondering why ticket 63712 has been closed.
We should add a fitting CSP to the .htaccess in /typo3. Currently I am adding

Header set Content-Security-Policy "default-src * 'unsafe-eval' 'unsafe-inline';

in /typo3/.htaccess to overrule the more strict CSP of the website itself and make the backend work as well.
It would be a nice security feature if the TYPO3 backend would support a stricter CSP.

Infos on CSP:

http://content-security-policy.com/
https://de.wikipedia.org/wiki/Content_Security_Policy

Related issues 2 (1 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Watchers (4)

Task #73047

Content-Security-Policy for the Backend

Updated by Riccardo De Contardi almost 8 years ago

Updated by Frans Saris over 6 years ago

Updated by Felix Nagel over 6 years ago

Updated by Oliver Hader over 5 years ago

Updated by Oliver Hader over 5 years ago