Actions
Bug #95312
closedSVG Style-Tag CSP-Block / Firefox-Bug
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Install Tool
Target version:
Start date:
2021-09-22
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
11
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
Problem: SVG-Files with Style-Tag are rendered black in Firefox (or Chrome opened in seperate tab).
Related Information: https://www.sebkln.de/en/tutorials/http-security-header-part-2-csp/#svg-files
Firefox-Bug-Report: https://bugzilla.mozilla.org/show_bug.cgi?id=1262842
Workaround / Solution:
Adding this Part to .htaccess under /fileadmin (Line ~13/14)
<IfModule mod_headers.c>
<FilesMatch "\.(svgz?)$">
Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'"
</FilesMatch>
</IfModule>
Feature request:
can we get an option to change the source of "resources-root-htaccess" which is used in "environment (installtool) -> fix folderstructure"?
web/typo3/sysext/install/Classes/FolderStructure/DefaultFactory.php
web/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess
Updated by Oliver Hader about 3 years ago
- Category changed from Security to Install Tool
- Assignee deleted (
Oliver Hader)
Updated by Benni Mack about 3 years ago
- Target version changed from 11 LTS to Candidate for patchlevel
Updated by Oliver Hader almost 3 years ago
- Related to Bug #92893: SVG sprites are a breaking change, requiring CSP `default-src` to not be 'none'. Otherwise, icons are blocked in Firefox. added
Updated by Oliver Hader almost 2 years ago
- Related to Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG files added
Updated by Oliver Hader almost 2 years ago
- Related to deleted (Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG files)
Updated by Oliver Hader almost 2 years ago
- Is duplicate of Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG files added
Updated by Oliver Hader almost 2 years ago
- Status changed from New to Resolved
Applied in changeset 1e026a625eb1727f8d78573bb66462087392010d.
Actions