Project

General

Profile

Actions
Copy link

Bug #95312

closed

SVG Style-Tag CSP-Block / Firefox-Bug

Added by Neobe Parlot about 3 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Install Tool
Target version:
Candidate for patchlevel
Start date:
2021-09-22
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem: SVG-Files with Style-Tag are rendered black in Firefox (or Chrome opened in seperate tab).

Related Information: https://www.sebkln.de/en/tutorials/http-security-header-part-2-csp/#svg-files

Firefox-Bug-Report: https://bugzilla.mozilla.org/show_bug.cgi?id=1262842

Workaround / Solution:
Adding this Part to .htaccess under /fileadmin (Line ~13/14)

<IfModule mod_headers.c>
    <FilesMatch "\.(svgz?)$">
        Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'" 
    </FilesMatch>
</IfModule>

Feature request:
can we get an option to change the source of "resources-root-htaccess" which is used in "environment (installtool) -> fix folderstructure"?
web/typo3/sysext/install/Classes/FolderStructure/DefaultFactory.php
web/typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #92893: SVG sprites are a breaking change, requiring CSP `default-src` to not be 'none'. Otherwise, icons are blocked in Firefox.Closed2020-11-20

Actions
Is duplicate of TYPO3 Core - Bug #93884: fileadmin/.htaccess (resources-root-htaccess) partially blocks SVG filesClosed2021-04-08

Actions
Actions
Copy link

Also available in: Atom PDF