- Status changed to Needs review
5 months ago 12:17pm 8 November 2024 - 🇳🇱Netherlands pjotr van der horst
Here is a reroll of the patch #2
We ran into this issue in combination with 🐛 media_library_opener leads to massive GET requests that break varnish etc. Active while opening the media library and navigating through the pages
The error occurred because our nginx servers didn't accept long url's with a long CSP header. We could have adjusted the nginx configuration but not sending a CSP header in response to AJAX requests seems to be a better solution.
- 🇳🇱Netherlands timohuisman Leiden, Netherlands
The patch from #7 causes deprecation errors;
Deprecated function: stristr(): Passing null to parameter #1 ($haystack) of type string is deprecated in Drupal\csp\EventSubscriber\ResponseCspSubscriber->Drupal\csp\EventSubscriber\{closure}() (line 177 of modules/contrib/csp/src/EventSubscriber/ResponseCspSubscriber.php). - 🇨🇦Canada gapple
@timohuisman that's odd, but I guess not unexpected that a response might not have a content type header.
I think I would prefer to update the patch so that it only excludes content types and response classes that it knows are safe.