Project

General

Profile

Actions

Bug #95312

closed

SVG Style-Tag CSP-Block / Firefox-Bug

Added by Neobe Parlot about 3 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Install Tool
Start date:
2021-09-22
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem: SVG-Files with Style-Tag are rendered black in Firefox (or Chrome opened in seperate tab).

Related Information: https://www.sebkln.de/en/tutorials/http-security-header-part-2-csp/#svg-files

Firefox-Bug-Report: https://bugzilla.mozilla.org/show_bug.cgi?id=1262842

Workaround / Solution:
Adding this Part to .htaccess under /fileadmin (Line ~13/14)

<IfModule mod_headers.c>
    <FilesMatch "\.(svgz?)$">
        Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'" 
    </FilesMatch>
</IfModule>

Feature request:
can we get an option to change the source of "resources-root-htaccess" which is used in "environment (installtool) -> fix folderstructure"?
web/typo3/sysext/install/Classes/FolderStructure/DefaultFactory.php
web/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #92893: SVG sprites are a breaking change, requiring CSP `default-src` to not be 'none'. Otherwise, icons are blocked in Firefox.Closed2020-11-20

Actions
Is duplicate of TYPO3 Core - Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG filesClosed2021-04-08

Actions
Actions #1

Updated by Oliver Hader about 3 years ago

  • Category changed from Security to Install Tool
  • Assignee deleted (Oliver Hader)
Actions #2

Updated by Benni Mack about 3 years ago

  • Target version changed from 11 LTS to Candidate for patchlevel
Actions #3

Updated by Oliver Hader almost 3 years ago

  • Related to Bug #92893: SVG sprites are a breaking change, requiring CSP `default-src` to not be 'none'. Otherwise, icons are blocked in Firefox. added
Actions #4

Updated by Oliver Hader almost 2 years ago

  • Related to Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG files added
Actions #5

Updated by Oliver Hader almost 2 years ago

  • Related to deleted (Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG files)
Actions #6

Updated by Oliver Hader almost 2 years ago

  • Is duplicate of Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG files added
Actions #7

Updated by Oliver Hader almost 2 years ago

  • Status changed from New to Resolved
Actions #8

Updated by Benni Mack almost 2 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF