Implement the script-src-attr policy

Created on 23 March 2022, over 3 years ago

Updated 6 June 2025, 2 months ago

The current seckit CSP module does not support the policy script-src-attr, described in the W3C definition: https://w3c.github.io/webappsec-csp/#script-src-attr

None;

Implement the script-src-attr field and header

- Add the field to the settings page
- Add the header with the user defined values

Add the field to the settings page

✨ Feature request

Status

Needs review

Version

2.0

Component

Code

Created by

🇧🇷Brazil barone Belo Horizonte

Live updates comments and jobs are added and updated live.

Incomplete comments

Merge Requests

!48Implement the script-src-attr policy
Open
🇺🇸United States andyg5000
updated 2 months ago

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Merge request !48Resolve #3271331 "Implement the script src attr" → (Open) created by andyg5000
Comment 2 months ago →
🇺🇸United States andyg5000 North Carolina, USA
The test needs to be updated to fix merge conflict. I'll take a stab at it early next week.
Comment 2 months ago →
🇺🇸United States andyg5000 North Carolina, USA
Rebased this on 2.x and fixed the conflicts
Pipeline finished with Success
2 months ago
#521700
Comment 2 months ago →
🇺🇸United States andyg5000 North Carolina, USA
Pipeline finished with Success
2 months ago
#521728

Production build 0.71.5 2024