Remove default CSP headers from core

Created on 3 June 2024, 23 days ago

Updated 17 June 2024, 9 days ago

In anticipation of 📌 Add a default CSP and clickjacking defence and minimal API for CSP to core Active , if the CSP module is installed but a directive is not enabled, then any default headers set by core should be removed.

📌 Task

Status

Fixed

Version

2.0

Component

Code

Created by

🇨🇦Canada gapple

Live updates comments and jobs are added and updated live.

Merge Requests

!41Remove default CSP headers from core
Merged
🇨🇦Canada gapple
updated 23 days ago

Issue created by @gapple
Merge request !41Remove pre-existing policy if not enabled in config → (Merged) created by gapple
Status changed to Fixed 23 days ago10:55am 3 June 2024
Comment 23 days ago →
🇨🇦Canada gapple
Comment 23 days ago →
System Message

gapple → committed 0d1ad29c on 2.x
Issue #3452137: Remove default CSP headers from core
Comment 9 days ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.69.0 2024