Project

General

Profile

Actions

Feature #99499

open

Epic #87417: Integrate proper Content Security Policy (CSP) handling

Introduce Content Security Policy handling

Added by Oliver Hader almost 2 years ago. Updated 5 months ago.

Status:
Under Review
Priority:
Should have
Assignee:
Category:
Content Security Policy
Start date:
2023-03-01
Due date:
% Done:

75%

Estimated time:
(Total: 0.00 h)
PHP Version:
Tags:
Complexity:
Sprint Focus:


Files

99499.png (487 KB) 99499.png Oliver Hader, 2023-02-24 20:10

Subtasks 16 (4 open12 closed)

Feature #100055: Introduce Content Security Policy headersClosed2023-03-01

Actions
Feature #100056: Introduce Content Security Policy reporting & inspectionClosed2023-03-01

Actions
Task #100140: Properly handle inline stylesheetsClosed2023-03-11

Actions
Task #100141: Add possibility to add resource hashesClosedOliver Hader2023-03-11

Actions
Task #100190: Fix RST documentation issuesClosed2023-03-17

Actions
Task #100413: Add policy inspection & management to Content-Security-Policy moduleUnder ReviewOliver Hader2023-04-03

Actions
Bug #100446: Add youtube-nocookie.com to static CSP declarationsClosedOliver Hader2023-04-04

Actions
Bug #100460: Page preview of different domain cannot be shown in web>view moduleClosedOliver Hader2023-04-05

Actions
Task #100691: Track CSP nonce consumptionClosed2023-04-20

Actions
Task #100903: Add Facebook In-App HandlerUnder ReviewOliver Hader2023-05-20

Actions
Bug #100904: Fallback to script-src and style-srcNewOliver Hader2023-05-20

Actions
Bug #100905: Deny base-uri and object-src per defaultClosedOliver Hader2023-05-20

Actions
Task #100906: Handle CSP violations in browser extensionsNew2023-05-20

Actions
Bug #101460: Allow strict-dynamic only for applicable CSP directivesClosed2023-07-27

Actions
Bug #101477: Extend CSP directives and sourcesClosedOliver Hader2023-07-28

Actions
Task #101751: Use ConsumableNonce instead of blunt Nonce in CSP contextClosedOliver Hader2023-08-25

Actions

Related issues 6 (1 open5 closed)

Related to TYPO3 Core - Bug #100456: Don't report AdminPanel usages to CSPClosed2023-04-05

Actions
Related to TYPO3 Core - Bug #100517: Content Security Policy: Report is not stored when no site language is defined on "/"Closed2023-04-06

Actions
Related to TYPO3 Core - Task #100534: Avoid PHP deprecation in CSP reportClosedChris Müller2023-04-08

Actions
Related to TYPO3 Core - Task #100535: CSP module: On small browser size the UX of the details view could be improvedAccepted2023-04-08

Actions
Related to TYPO3 Core - Bug #100621: CSP: Reduce a directive by a URL in csp.yaml is not workingClosed2023-04-16

Actions
Related to TYPO3 Core - Task #101087: Always enable "security.backend.enforceContentSecurityPolicy"ClosedBenni Mack2023-06-15

Actions
Actions

Also available in: Atom PDF