Misleading recommendation for CSP directive "frame-src"

Created on 19 April 2023, about 1 year ago

Updated 8 February 2024, 5 months ago

#2689277: Add ability to configure the child-src CSP directive → added support for the CSP directive "child-src", and added this recommendation when editing the directive "frame-src" in the admin form:

This directive is deprecated and will be replaced by child-src. It is recommended to use the both the frame-src and child-src directives until all browsers you support recognize the child-src directive.

The preferred method is now to use "frame-src", see:

Remove the recommendation and leave the option to use both "frame-src" and "child-src" ? Both are valid: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Securi...

📌 Task

Status

RTBC

Version

1.0

Component

Documentation

Created by

🇨🇦Canada fengtan Montreal, Canada

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @fengtan
Status changed to Needs review about 1 year ago4:09pm 19 April 2023
Open in Jenkins → Open on Drupal.org →
Core: 7.x + Environment: PHP 7.2 & MySQL 5.5
last update about 1 year ago
32 pass
Comment about 1 year ago →
🇨🇦Canada fengtan Montreal, Canada
Here is a proposed patch.
Comment about 1 year ago →
🇨🇦Canada fengtan Montreal, Canada
Status changed to RTBC 5 months ago5:23pm 8 February 2024
Comment 5 months ago →
🇺🇸United States laryn
Looks good to me.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024