Remove default CSP headers from core

Created on 3 June 2024, 10 months ago

Updated 17 June 2024, 10 months ago

In anticipation of 📌 Add a default CSP and clickjacking defence and minimal API for CSP to core Active , if the CSP module is installed but a directive is not enabled, then any default headers set by core should be removed.

📌 Task

Status

Fixed

Version

2.0

Component

Code

Created by

🇨🇦Canada gapple

Live updates comments and jobs are added and updated live.

Merge Requests

!41Remove default CSP headers from core
Merged
🇨🇦Canada gapple
updated 10 months ago

Issue created by @gapple
Merge request !41Remove pre-existing policy if not enabled in config → (Merged) created by gapple
Status changed to Fixed 10 months ago10:55am 3 June 2024
Comment 10 months ago →
🇨🇦Canada gapple
Comment 10 months ago →
System Message

gapple → committed 0d1ad29c on 2.x
Issue #3452137: Remove default CSP headers from core
Comment 10 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024