Project

General

Profile

Actions

Feature #99499

open

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Introduce Content Security Policy handling

Added by Oliver Hader almost 2 years ago. Updated 5 months ago.

Status:
Under Review
Priority:
Should have
Assignee:
Category:
Content Security Policy
Start date:
2023-03-01
Due date:
% Done:

75%

Estimated time:
(Total: 0.00 h)
PHP Version:
Tags:
Complexity:
Sprint Focus:


Files

99499.png (487 KB) 99499.png Oliver Hader, 2023-02-24 20:10

Subtasks 16 (4 open12 closed)

Feature #100055: Introduce Content Security Policy headersClosed2023-03-01

Actions
Feature #100056: Introduce Content Security Policy reporting & inspectionClosed2023-03-01

Actions
Task #100140: Properly handle inline stylesheetsClosed2023-03-11

Actions
Task #100141: Add possibility to add resource hashesClosedOliver Hader2023-03-11

Actions
Task #100190: Fix RST documentation issuesClosed2023-03-17

Actions
Task #100413: Add policy inspection & management to Content-Security-Policy moduleUnder ReviewOliver Hader2023-04-03

Actions
Bug #100446: Add youtube-nocookie.com to static CSP declarationsClosedOliver Hader2023-04-04

Actions
Bug #100460: Page preview of different domain cannot be shown in web>view moduleClosedOliver Hader2023-04-05

Actions
Task #100691: Track CSP nonce consumptionClosed2023-04-20

Actions
Task #100903: Add Facebook In-App HandlerUnder ReviewOliver Hader2023-05-20

Actions
Bug #100904: Fallback to script-src and style-srcNewOliver Hader2023-05-20

Actions
Bug #100905: Deny base-uri and object-src per defaultClosedOliver Hader2023-05-20

Actions
Task #100906: Handle CSP violations in browser extensionsNew2023-05-20

Actions
Bug #101460: Allow strict-dynamic only for applicable CSP directivesClosed2023-07-27

Actions
Bug #101477: Extend CSP directives and sourcesClosedOliver Hader2023-07-28

Actions
Task #101751: Use ConsumableNonce instead of blunt Nonce in CSP contextClosedOliver Hader2023-08-25

Actions

Related issues 6 (1 open5 closed)

Related to TYPO3 Core - Bug #100456: Don't report AdminPanel usages to CSPClosed2023-04-05

Actions
Related to TYPO3 Core - Bug #100517: Content Security Policy: Report is not stored when no site language is defined on "/"Closed2023-04-06

Actions
Related to TYPO3 Core - Task #100534: Avoid PHP deprecation in CSP reportClosedChris Müller2023-04-08

Actions
Related to TYPO3 Core - Task #100535: CSP module: On small browser size the UX of the details view could be improvedAccepted2023-04-08

Actions
Related to TYPO3 Core - Bug #100621: CSP: Reduce a directive by a URL in csp.yaml is not workingClosed2023-04-16

Actions
Related to TYPO3 Core - Task #101087: Always enable "security.backend.enforceContentSecurityPolicy"ClosedBenni Mack2023-06-15

Actions
Actions #1

Updated by Gerrit Code Review almost 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #2

Updated by Gerrit Code Review almost 2 years ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #3

Updated by Gerrit Code Review almost 2 years ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #4

Updated by Gerrit Code Review almost 2 years ago

Patch set 4 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #5

Updated by Gerrit Code Review almost 2 years ago

Patch set 5 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #6

Updated by Gerrit Code Review almost 2 years ago

Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #7

Updated by Gerrit Code Review almost 2 years ago

Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #8

Updated by Gerrit Code Review almost 2 years ago

Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #9

Updated by Gerrit Code Review almost 2 years ago

Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #10

Updated by Gerrit Code Review almost 2 years ago

Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #11

Updated by Gerrit Code Review almost 2 years ago

Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #12

Updated by Gerrit Code Review almost 2 years ago

Patch set 12 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #13

Updated by Gerrit Code Review over 1 year ago

Patch set 13 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #14

Updated by Gerrit Code Review over 1 year ago

Patch set 14 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #15

Updated by Gerrit Code Review over 1 year ago

Patch set 15 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #16

Updated by Gerrit Code Review over 1 year ago

Patch set 16 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #17

Updated by Gerrit Code Review over 1 year ago

Patch set 17 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #18

Updated by Gerrit Code Review over 1 year ago

Patch set 18 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #19

Updated by Gerrit Code Review over 1 year ago

Patch set 19 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #20

Updated by Oliver Hader over 1 year ago

Actions #21

Updated by Gerrit Code Review over 1 year ago

Patch set 20 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #22

Updated by Gerrit Code Review over 1 year ago

Patch set 21 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #23

Updated by Gerrit Code Review over 1 year ago

Patch set 22 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #24

Updated by Gerrit Code Review over 1 year ago

Patch set 23 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #25

Updated by Gerrit Code Review over 1 year ago

Patch set 24 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #26

Updated by Gerrit Code Review over 1 year ago

Patch set 25 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #27

Updated by Gerrit Code Review over 1 year ago

Patch set 26 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #28

Updated by Gerrit Code Review over 1 year ago

Patch set 27 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #29

Updated by Gerrit Code Review over 1 year ago

Patch set 28 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #30

Updated by Gerrit Code Review over 1 year ago

Patch set 29 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #31

Updated by Gerrit Code Review over 1 year ago

Patch set 30 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #32

Updated by Gerrit Code Review over 1 year ago

Patch set 31 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77293

Actions #33

Updated by Oliver Hader over 1 year ago

  • Subject changed from Add Content Security Policy domain models to Introduce Content Security Policy handling
Actions #34

Updated by Oliver Hader over 1 year ago

  • Subtask #100055 added
Actions #35

Updated by Oliver Hader over 1 year ago

  • Subtask #100056 added
Actions #36

Updated by Oliver Hader over 1 year ago

  • Subtask #100140 added
Actions #37

Updated by Oliver Hader over 1 year ago

  • Description updated (diff)
Actions #38

Updated by Oliver Hader over 1 year ago

  • Subtask #100141 added
Actions #39

Updated by Oliver Hader over 1 year ago

  • Subtask #100190 added
Actions #40

Updated by Oliver Hader over 1 year ago

  • Subtask #100413 added
Actions #41

Updated by Oliver Hader over 1 year ago

  • Subtask #100446 added
Actions #42

Updated by Daniel Siepmann over 1 year ago

  • Related to Bug #100456: Don't report AdminPanel usages to CSP added
Actions #43

Updated by Oliver Hader over 1 year ago

  • Subtask #100460 added
Actions #44

Updated by Benni Mack over 1 year ago

  • Target version changed from 12 LTS to Candidate for Major Version
Actions #45

Updated by Chris Müller over 1 year ago

  • Related to Bug #100517: Content Security Policy: Report is not stored when no site language is defined on "/" added
Actions #46

Updated by Chris Müller over 1 year ago

  • Related to Task #100534: Avoid PHP deprecation in CSP report added
Actions #47

Updated by Chris Müller over 1 year ago

  • Related to Task #100535: CSP module: On small browser size the UX of the details view could be improved added
Actions #48

Updated by Chris Müller over 1 year ago

  • Related to Bug #100621: CSP: Reduce a directive by a URL in csp.yaml is not working added
Actions #49

Updated by Oliver Hader over 1 year ago

  • Subtask #100691 added
Actions #50

Updated by Simon Schaufelberger over 1 year ago

  • Related to Bug #100756: JavaScript errors in install tool added
Actions #51

Updated by Simon Schaufelberger over 1 year ago

  • Related to deleted (Bug #100756: JavaScript errors in install tool)
Actions #52

Updated by Oliver Hader over 1 year ago

  • Subtask #100903 added
Actions #53

Updated by Oliver Hader over 1 year ago

  • Subtask #100904 added
Actions #54

Updated by Oliver Hader over 1 year ago

  • Subtask #100905 added
Actions #55

Updated by Oliver Hader over 1 year ago

  • Subtask #100906 added
Actions #56

Updated by Benni Mack over 1 year ago

  • Related to Task #101087: Always enable "security.backend.enforceContentSecurityPolicy" added
Actions #57

Updated by Oliver Hader over 1 year ago

  • Subtask #101460 added
Actions #58

Updated by Oliver Hader over 1 year ago

  • Subtask #101477 added
Actions #59

Updated by Oliver Hader about 1 year ago

  • Subtask #101751 added
Actions #60

Updated by Georg Ringer 5 months ago

  • Category changed from Security to Content Security Policy
Actions

Also available in: Atom PDF