- 🇬🇧United Kingdom mcdruid 🇬🇧🇪🇺
re. #4 and #5 yes, the description is the same in the D7 branch but the default is correctly applied to match the description.
https://git.drupalcode.org/project/seckit/-/blob/7.x-1.12/seckit.module#...
Let's fix 2.x rather than changing the description to match the bug.
https://git.drupalcode.org/project/seckit/-/blob/2.0.1/config/install/se...
- First commit to issue fork.
- Merge request !163193697: Added default value for default-src attribute. → (Open) created by Unnamed author
- last update
over 1 year ago 34 pass - Status changed to Needs review
over 1 year ago 6:11am 30 July 2023 - 🇮🇳India bharath-kondeti Hyderabad
Addressed #10 and raised a PR. Please review
- Status changed to Needs work
over 1 year ago 11:30am 31 July 2023 - 🇬🇧United Kingdom mcdruid 🇬🇧🇪🇺
Thanks. However, a clean install of the module still seems to have an empty value for default-src:
$ drush cget seckit.settings _core: default_config_hash: **SNIP** seckit_xss: csp: checkbox: false vendor-prefix: x: false webkit: false report-only: false default-src: '' <==== script-src: '' object-src: '' ..snip..The same thing shows up in the admin UI, as we'd expect.
I'm not sure why yet, but just adding the default to
config/install/seckit.settings.ymldoesn't seem to be enough to fix this. - First commit to issue fork.
- 🇬🇧United Kingdom the_g_bomb
drush en seckit using this latest patch and seckit: 2.0.3 or seckit dev-2.x seems to work ok for me when you view the admin form.
- Installing drupal/seckit (dev-2.x f15d470): Cloning f15d470265 from cache - Applying patches for drupal/seckit https://git.drupalcode.org/project/seckit/-/merge_requests/16.diff (3193697: default-src has wrong description)
And also when running:% drush cget seckit.settings _core: default_config_hash: **SNIP** seckit_xss: csp: checkbox: false vendor-prefix: x: false webkit: false report-only: false default-src: "'self'" script-src: '' object-src: '' ..snip..