Feature #99499

open

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Introduce Content Security Policy handling

Added by Oliver Hader over 1 year ago. Updated 6 months ago.

Status: Under Review
Priority: Should have
Assignee:
Category: Security
Start date: 2023-03-01
Due date:
% Done: 75%
Estimated time: (Total: 0.00 h)
PHP Version:
Tags:
Complexity:
Sprint Focus:


Files

99499.png (487 KB) Oliver Hader, 2023-02-24 20:10

Subtasks 16 (4 open, 12 closed)

Feature #100055: Introduce Content Security Policy headers (Closed, 2023-03-01)
Feature #100056: Introduce Content Security Policy reporting & inspection (Closed, 2023-03-01)
Task #100140: Properly handle inline stylesheets (Closed, 2023-03-11)
Task #100141: Add possibility to add resource hashes (Closed, Oliver Hader, 2023-03-11)
Task #100190: Fix RST documentation issues (Closed, 2023-03-17)
Task #100413: Add policy inspection & management to Content-Security-Policy module (Under Review, Oliver Hader, 2023-04-03)
Bug #100446: Add youtube-nocookie.com to static CSP declarations (Resolved, Oliver Hader, 2023-04-04)
Bug #100460: Page preview of different domain cannot be shown in web>view module (Resolved, Oliver Hader, 2023-04-05)
Task #100691: Track CSP nonce consumption (Closed, 2023-04-20)
Task #100903: Add Facebook In-App Handler (Under Review, Oliver Hader, 2023-05-20)
Bug #100904: Fallback to script-src and style-src (New, Oliver Hader, 2023-05-20)
Bug #100905: Deny base-uri and object-src per default (Resolved, Oliver Hader, 2023-05-20)
Task #100906: Handle CSP violations in browser extensions (New, 2023-05-20)
Bug #101460: Allow strict-dynamic only for applicable CSP directives (Resolved, 2023-07-27)
Bug #101477: Extend CSP directives and sources (Resolved, Oliver Hader, 2023-07-28)
Task #101751: Use ConsumableNonce instead of blunt Nonce in CSP context (Closed, Oliver Hader, 2023-08-25)

Related issues 6 (1 open, 5 closed)

Related to TYPO3 Core - Bug #100456: Don't report AdminPanel usages to CSP (Resolved, 2023-04-05)
Related to TYPO3 Core - Bug #100517: Content Security Policy: Report is not stored when no site language is defined on "/" (Resolved, 2023-04-06)
Related to TYPO3 Core - Task #100534: Avoid PHP deprecation in CSP report (Closed, Chris Müller, 2023-04-08)
Related to TYPO3 Core - Task #100535: CSP module: On small browser size the UX of the details view could be improved (Accepted, 2023-04-08)
Related to TYPO3 Core - Bug #100621: CSP: Reduce a directive by a URL in csp.yaml is not working (Resolved, 2023-04-16)
Related to TYPO3 Core - Task #101087: Always enable "security.backend.enforceContentSecurityPolicy" (Closed, Benni Mack, 2023-06-15)

Actions #1

Updated by Gerrit Code Review over 1 year ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #2

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #3

Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #4

Updated by Gerrit Code Review over 1 year ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #5

Updated by Gerrit Code Review over 1 year ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #6

Updated by Gerrit Code Review over 1 year ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #7

Updated by Gerrit Code Review over 1 year ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #8

Updated by Gerrit Code Review over 1 year ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #9

Updated by Gerrit Code Review over 1 year ago

Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #10

Updated by Gerrit Code Review over 1 year ago

Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #11

Updated by Gerrit Code Review over 1 year ago

Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #12

Updated by Gerrit Code Review about 1 year ago

Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #13

Updated by Gerrit Code Review about 1 year ago

Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #14

Updated by Gerrit Code Review about 1 year ago

Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #15

Updated by Gerrit Code Review about 1 year ago

Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #16

Updated by Gerrit Code Review about 1 year ago

Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #17

Updated by Gerrit Code Review about 1 year ago

Patch set 17 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #18

Updated by Gerrit Code Review about 1 year ago

Patch set 18 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #19

Updated by Gerrit Code Review about 1 year ago

Patch set 19 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #20

Updated by Oliver Hader about 1 year ago

Actions #21

Updated by Gerrit Code Review about 1 year ago

Patch set 20 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #22

Updated by Gerrit Code Review about 1 year ago

Patch set 21 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #23

Updated by Gerrit Code Review about 1 year ago

Patch set 22 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #24

Updated by Gerrit Code Review about 1 year ago

Patch set 23 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #25

Updated by Gerrit Code Review about 1 year ago

Patch set 24 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #26

Updated by Gerrit Code Review about 1 year ago

Patch set 25 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #27

Updated by Gerrit Code Review about 1 year ago

Patch set 26 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #28

Updated by Gerrit Code Review about 1 year ago

Patch set 27 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #29

Updated by Gerrit Code Review about 1 year ago

Patch set 28 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #30

Updated by Gerrit Code Review about 1 year ago

Patch set 29 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #31

Updated by Gerrit Code Review about 1 year ago

Patch set 30 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #32

Updated by Gerrit Code Review about 1 year ago

Patch set 31 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #33

Updated by Oliver Hader about 1 year ago

  • Subject changed from Add Content Security Policy domain models to Introduce Content Security Policy handling
Actions #34

Updated by Oliver Hader about 1 year ago

  • Subtask #100055 added
Actions #35

Updated by Oliver Hader about 1 year ago

  • Subtask #100056 added
Actions #36

Updated by Oliver Hader about 1 year ago

  • Subtask #100140 added
Actions #37

Updated by Oliver Hader about 1 year ago

  • Description updated (diff)
Actions #38

Updated by Oliver Hader about 1 year ago

  • Subtask #100141 added
Actions #39

Updated by Oliver Hader about 1 year ago

  • Subtask #100190 added
Actions #40

Updated by Oliver Hader about 1 year ago

  • Subtask #100413 added
Actions #41

Updated by Oliver Hader about 1 year ago

  • Subtask #100446 added
Actions #42

Updated by Daniel Siepmann about 1 year ago

  • Related to Bug #100456: Don't report AdminPanel usages to CSP added
Actions #43

Updated by Oliver Hader about 1 year ago

  • Subtask #100460 added
Actions #44

Updated by Benni Mack about 1 year ago

  • Target version changed from 12 LTS to Candidate for Major Version
Actions #45

Updated by Chris Müller about 1 year ago

  • Related to Bug #100517: Content Security Policy: Report is not stored when no site language is defined on "/" added
Actions #46

Updated by Chris Müller about 1 year ago

  • Related to Task #100534: Avoid PHP deprecation in CSP report added
Actions #47

Updated by Chris Müller about 1 year ago

  • Related to Task #100535: CSP module: On small browser size the UX of the details view could be improved added
Actions #48

Updated by Chris Müller about 1 year ago

  • Related to Bug #100621: CSP: Reduce a directive by a URL in csp.yaml is not working added
Actions #49

Updated by Oliver Hader about 1 year ago

  • Subtask #100691 added
Actions #50

Updated by Simon Schaufelberger about 1 year ago

  • Related to Bug #100756: JavaScript errors in install tool added
Actions #51

Updated by Simon Schaufelberger about 1 year ago

  • Related to deleted (Bug #100756: JavaScript errors in install tool)
Actions #52

Updated by Oliver Hader 11 months ago

  • Subtask #100903 added
Actions #53

Updated by Oliver Hader 11 months ago

  • Subtask #100904 added
Actions #54

Updated by Oliver Hader 11 months ago

  • Subtask #100905 added
Actions #55

Updated by Oliver Hader 11 months ago

  • Subtask #100906 added
Actions #56

Updated by Benni Mack 11 months ago

  • Related to Task #101087: Always enable "security.backend.enforceContentSecurityPolicy" added
Actions #57

Updated by Oliver Hader 9 months ago

  • Subtask #101460 added
Actions #58

Updated by Oliver Hader 9 months ago

  • Subtask #101477 added
Actions #59

Updated by Oliver Hader 8 months ago

  • Subtask #101751 added