- Status changed to Fixed
almost 2 years ago 4:28pm 20 January 2023 Automatically closed - issue fixed for 2 weeks with no activity.
I am trying to secure a Drupal instance by introducing a strict Content Security Policy. Excluding all external requests makes the backend for Webform configuration unusable. Scripts, stylesheets and images are requested from these sites: https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com
This seems to be the only compontent of Drupal that requires this. It would be very desirable to include the affected resources in the module itself, making it possible to implement a Content Security Policy that exludes all external requests.
Log in to a Drupal instance, configure an existing web form using a URL such as /admin/structure/webform/manage/
and observe requests in your browser’s development tools
Include the requested assets in the Webform module so that they can be requested from the Drupal site itself.
Fixed
6.1
Miscellaneous
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed - issue fixed for 2 weeks with no activity.