Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented

Created on 15 October 2023, over 1 year ago
Updated 17 October 2023, over 1 year ago

Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented.
Even though we added script src and default src as 'self' in the seckit module configuration, it is still throwing a missing header error for compressed CSS/JS files:
['site_url']files/css/css_eqSuJxiw4O0WFtVVA1rnmFzv5RCx0znTUjMr4W_sdXs.css
Could you please look into the issue?

💬 Support request
Status

Closed: won't fix

Version

2.0

Component

User interface

Created by

🇮🇳India ankitasharma13

Comments & Activities

  • Issue created by @ankitasharma13
  • 🇮🇳India ankitasharma13

    Closing this issue as not required.

  • Status changed to Closed: won't fix over 1 year ago
  • 🇬🇧United Kingdom mcdruid 🇬🇧🇪🇺

    For posterity, seckit can only emit headers for responses that Drupal handles.

    Static assets such as CSS/JS and images will often be served directly by webservers (e.g. apache or nginx) without Drupal/PHP being involved.

    If you want to emit customised headers with static files, you may need to configure your webserver to do that. For example, perhaps with rules in a .htaccess file or similar.

    The implementation details will vary depending on different hosting configurations, and are outside the scope of the seckit project.

    Many of the headers that seckit manages are less relevant to static assets.
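
The webserver-level approach described in the comment above, as an added example that is not from the issue thread or the seckit project. It assumes Apache with mod_headers enabled and `AllowOverride FileInfo` in effect for the directory; the policy value mirrors the 'self' settings mentioned in the report and is a placeholder to adapt.

```apache
# Added example: .htaccess rules for static assets that Apache serves
# directly, so Drupal (and therefore seckit) never sees the request.
<IfModule mod_headers.c>
  # Match the aggregated/compressed CSS and JS files flagged by the scan.
  <FilesMatch "\.(css|js)$">
    # Assumed policy, mirroring the 'self' values configured in seckit.
    # "Header set" applies to successful responses; use "Header always set"
    # instead if error responses for these paths must carry it too.
    Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
  </FilesMatch>
</IfModule>
```

After reloading the configuration, requesting one of the flagged asset URLs with `curl -I` and looking for the `Content-Security-Policy` line confirms whether the rule took effect.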
