Ability to disable a boolean directive in config

Created on 27 June 2023, almost 2 years ago
Updated 3 July 2023, almost 2 years ago

Problem/Motivation

It should be possible to disable a boolean directive in the yaml config, without removing the config for the directive entirely. Though the admin config form is useful:

  1. It should be possible to set the value in the .yml file directly
  2. It should be possible to override the existing value using the configuration override system; see https://www.drupal.org/docs/drupal-apis/configuration-api/configuration-...

Steps to reproduce

  1. Enable a boolean directive (e.g. upgrade-insecure-requests) and save the configuration
  2. Override the directive to disable it in settings.php or similar ($config['csp.settings']['enforce']['directives']['upgrade-insecure-requests'] = FALSE;)
  3. Visit the site, and note that the directive is still there even though it should be disabled (not present)

Proposed resolution

In the response subscriber, either:

  • Use the directive's config value when setting a boolean directive (rather than always using TRUE); or
  • Add a condition to verify that the directive value is TRUE before setting it.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Fixed

Version

1.0

Component

Code

Created by


Comments & Activities

  • Issue created by @bgustafson
    • gapple committed 6e8bc967 on 8.x-1.x
      Fix #3370774: False config value for boolean directives
      
  • Status changed to Fixed almost 2 years ago
  • 🇨🇦Canada gapple

    Good catch - I've focused on the EventSubscriber for altering policies, but config overrides are a valid method that should work too!
    I've made a change so that the directive type is checked (instead of if the value is a boolean), so it should handle whatever truthy/falsey value is in config properly now.

    The UI will remove boolean values from config if they are unchecked, but I assume anyone that has a workflow that preserves the false value in YML (e.g. config split for different environments) is able to deal with checking for and preserving the YML property if it gets removed in an export.

  • Automatically closed - issue fixed for 2 weeks with no activity.
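
The behaviour reported in this issue and the proposed resolution, side by side, as an added example that is not the CSP module's own code. The function names, the `BOOLEAN_DIRECTIVES` list and the sample config are assumptions made for illustration; the "before" function models the behaviour as the issue describes it.

```php
<?php
// Added example: hypothetical helpers, not code from the CSP module.

// Directives that take no value; their presence alone enables them.
const BOOLEAN_DIRECTIVES = ['upgrade-insecure-requests', 'block-all-mixed-content'];

/**
 * Behaviour described in the report: a directive whose config value is a
 * boolean is always emitted, whatever that value is.
 */
function build_header_before(array $directives): string {
  $parts = [];
  foreach ($directives as $name => $value) {
    if (is_bool($value)) {
      $parts[] = $name;  // FALSE is treated the same as TRUE.
      continue;
    }
    $parts[] = $name . ' ' . implode(' ', (array) $value);
  }
  return implode('; ', $parts);
}

/**
 * Proposed resolution: decide by directive type, then honour the value.
 */
function build_header_after(array $directives): string {
  $parts = [];
  foreach ($directives as $name => $value) {
    if (in_array($name, BOOLEAN_DIRECTIVES, TRUE)) {
      if ($value) {
        $parts[] = $name;  // Any falsey value (FALSE, 0, '', NULL) omits it.
      }
      continue;
    }
    $parts[] = $name . ' ' . implode(' ', (array) $value);
  }
  return implode('; ', $parts);
}

// Constructed sample: stored config plus a settings.php-style override.
$stored = ['default-src' => ["'self'"], 'upgrade-insecure-requests' => TRUE];
$override = ['upgrade-insecure-requests' => FALSE];
$effective = array_replace($stored, $override);

echo build_header_before($effective), PHP_EOL;
echo build_header_after($effective), PHP_EOL;
```

Comparing the two printed policies shows why the effective `Content-Security-Policy` response header, not only the stored config, is the thing to check after applying an override.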
