Security Kit

Open on Drupal.org →Open on Drupal GitLab →

Created on 26 March 2011, about 14 years ago

Maintained by

🇨🇦Canada badjava
🇳🇿New Zealand jweowu
🇬🇧United Kingdom mcdruid
p0deje

🇬🇧United Kingdom
32%

🇺🇸United States
15%

🇦🇺Australia
13%

🇮🇳India
8%

🇵🇪Peru
5%

🇩🇪Germany
4%

🇨🇦Canada
4%

🇮🇹Italy
4%

🏴‍☠️
3%

🇫🇮Finland
3%

🇳🇿New Zealand
3%

🇳🇱Netherlands
3%

🇷🇺Russia
2%

🏴‍☠️🇪🇸 🇺🇦 🇧🇷
2%

Top 10 contributors

Acquia 18%
- 🇮🇳 @ankitv18
- 🇬🇧 @mcdruid
- 🇮🇳 @deepakkm
Affinity Digital Tech Ltd 5%
- 🇬🇧 @somersoft
Tomato Elephant Studio 5%
- 🇦🇺 @VladimirAus
SeeD EM 5%
- 🇵🇪 @alyaj2a
Third and Grove 4%
- 🇺🇸 @jds1
Catalyst IT 4%
- 🇳🇿 @jweowu
- 🇦🇺 @jnlar
Jarltech Europe GmbH 3%
- 🇩🇪 @mkalkbrenner
Fame Helsinki 3%
- 🇫🇮 @sokru
DICTU 3%
- 🇳🇱 @groendijk
Chromatic 2%
- 🇺🇸 @apotek

+13

and 14 individuals ( 38% )

🇪🇸 @bmunslow
🇬🇧 @dahousecat
🇺🇸 @DamienMcKenna
🇦🇺 @dpi
🇨🇦 @gapple
🇮🇹 @apaderno
🇺🇸 @dabblela
🇷🇺 @shra
🇬🇧 @the_g_bomb
🇬🇧 @littlepixiez
🇷🇺 @a.kovrigin
🇮🇳 @hetalsagar
🇨🇦 @No Sssweat
@project update bot

Merge Requests

!47Resolve #3521718 "Add support for form-action directive"
Open
Unnamed author
updated 9 days ago
!16default-src has wrong description
Open
Show issue
Unnamed author
updated 3 months ago
!46Avoid using document.write('<!--');
Open
Show issue
🇬🇧United Kingdom the_g_bomb
updated 3 months ago
!30Avoid using document.write('<!--');
Open
Show issue
🇪🇸Spain luismagr
updated 3 months ago
!45Allow certain paths to be excluded from the Origin check (patch included)
Open
Show issue
joshhytr
updated 6 months ago
!44"Directive style-src-elem violated."
Open
Show issue
🇺🇸United States DamienMcKenna
updated 6 months ago

More Merge Requests

Issues

✨
Need to exclude admin path from applying the policies
Active
Code
Created about 1 year ago
v2.0
🇻🇳Vietnam tm01xx
about 3 hours ago
✨
Extend length of src fields
Needs review
Code
Created about 4 years ago
v2.0
🇷🇸Serbia milovan
1 day ago
🐛
CSS fails, if default-src "self" configured
Active
Code
Created 4 days ago
v2.0
🇩🇪Germany drupalbubb
3 days ago
🐛
Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created almost 4 years ago
v2.0
🇭🇺Hungary asrob
8 days ago
✨
Add support for form-action directive
Needs work
Code
Created 16 days ago
v2.0
🇮🇱Israel albert van kiel
9 days ago
✨
Add support for form-action directive
Closed: duplicate
Code
Created 16 days ago
v2.0
🇮🇱Israel albert van kiel
9 days ago
✨
Support for configuring script-src-elem
Active
Code
Created about 2 months ago
v2.0
🇺🇸United States apotek
about 2 months ago
🐛
default-src has wrong description
Needs work
Documentation
Created over 4 years ago
v2.0
🇦🇺Australia marji
3 months ago
✨
Change Feature Policy to Permissions Policy (D8/D9)
Needs review
Code
Created over 4 years ago
v2.0
🇵🇹Portugal rfmarcelino
3 months ago
📌
Avoid using document.write('<!--');
Needs work
Code
Created over 4 years ago
v1.2
🇷🇺Russia kostyashupenko
3 months ago
💬
How to add all google tlds for CSP
Active
User interface
Created almost 3 years ago
v2.0
🇺🇸United States justclint
3 months ago
💬
CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created about 4 years ago
v2.0
🇮🇳India sivaprasadc
3 months ago
💬
Google URL's are blocked.
Active
Miscellaneous
Created over 1 year ago
v2.0
🇮🇳India suresh prabhu parkala
3 months ago
✨
Permissions Policy Support
RTBC
Miscellaneous
Created over 4 years ago
v2.0
🇦🇹Austria gr4phic3r
4 months ago
✨
Change Feature Policy to Permissions Policy
Closed: won't fix
Code
Created over 4 years ago
v1.11
🇮🇳India Souvik Pal
4 months ago
🐛
Seckit doesn´t work for Images, CSS, JS
Active
Code
Created 4 months ago
v2.0
🇦🇹Austria gr4phic3r
4 months ago
🐛
Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created about 1 year ago
v2.0
🇺🇦Ukraine bahbka
5 months ago
💬
/report-csp-violation throwing an error
Active
Miscellaneous
Created 5 months ago
v2.0
🇺🇸United States duckydan
5 months ago
✨
Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created over 3 years ago
v2.0
🇧🇷Brazil barone
5 months ago
✨
"Directive style-src-elem violated."
Active
Code
Created over 4 years ago
v1.0
🇺🇸United States DamienMcKenna
5 months ago
✨
Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created about 4 years ago
v2.0
🇬🇧United Kingdom andy tawse
6 months ago
✨
Add worker-src
Needs review
Code
Created almost 3 years ago
v1.0
🇬🇧United Kingdom dahousecat
6 months ago
✨
Dispatch an event when there is a CSP violation
Active
Code
Created 6 months ago
v2.0
🇺🇸United States dabblela
6 months ago
✨
Add worker-src
Active
Code
Created about 1 year ago
v2.0
🇬🇧United Kingdom dahousecat
7 months ago
✨
Add form-action directive
Needs review
Code
Created almost 4 years ago
v2.0
🇬🇧United Kingdom Dubs
7 months ago
📌
Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created over 1 year ago
v2.0
🇧🇷Brazil PabloNicolas
7 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 8 months ago
v2.0
🇮🇳India hetalsagar
7 months ago
🐛
Missing container invalidation update from issue modifying services
Active
Code
Created 9 months ago
v2.0
🇦🇺Australia prussobcm
7 months ago
🐛
The base-uri policy is missing
Needs review
Code
Created over 5 years ago
v2.0
🇧🇪Belgium cubeinspire
8 months ago
🐛
Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created over 1 year ago
v2.0
🇪🇸Spain jsbalsera
8 months ago
💬
SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created 8 months ago
v2.0
🇺🇸United States kruser
8 months ago
✨
Provide hook_seckit_options_alter() D8
Needs review
Code
Created over 8 years ago
v2.0
🇷🇺Russia ogggg
8 months ago
📌
Set 2.x as default branch
Fixed
Code
Created 9 months ago
v2.0
🇩🇪Germany mkalkbrenner
8 months ago
📌
Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created 8 months ago
v2.0
🇺🇸United States leslieg
8 months ago
📌
Update logo for compatibility with Project Browser
Active
Miscellaneous
Created 8 months ago
v2.0
🇺🇸United States leslieg
8 months ago
🐛
Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created almost 6 years ago
v2.0
🇺🇸United States averagejoe3000
8 months ago
🐛
php error
Closed: duplicate
Code
Created 8 months ago
v2.0
🇩🇪Germany ngruendel
8 months ago
📌
Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created 8 months ago
v2.0
🇦🇺Australia dpi
8 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 8 months ago
v2.0
🇮🇳India hetalsagar
8 months ago
📌
D11 release for seckit
Fixed
Code
Created 9 months ago
v2.0
🇬🇧United Kingdom mcdruid
8 months ago
📌
Coding Standard Issues
Fixed
Code
Created 8 months ago
v2.0
🇵🇪Peru alyaj2a
8 months ago
📌
Add testing of report-csp-violation
Fixed
Code
Created 9 months ago
v2.0
🇬🇧United Kingdom mcdruid
8 months ago
✨
Silent mode for CSP reporting
Active
Code
Created about 3 years ago
v2.0
🇺🇦Ukraine ksemihin
8 months ago
✨
Update CSP directives
Needs review
Code
Created over 7 years ago
v2.0
🇺🇸United States Mojiferous
9 months ago
✨
Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created over 1 year ago
v2.0
🇧🇪Belgium Dozz
9 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created 10 months ago
v2.0
project update bot
9 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created about 1 year ago
v2.0
project update bot
9 months ago
📌
Fix validate pipeline
Fixed
Code
Created 10 months ago
v2.0
🇮🇳India ankitv18
10 months ago
📌
Add Gitlab CI
Fixed
Code
Created over 1 year ago
v2.0
🇮🇳India deepakkm
10 months ago
🐛
No values in X-XSS-Protection Header select box
Fixed
User interface
Created almost 7 years ago
v2.0
rajithkumark
11 months ago
📌
Drupal 9.1 Deprecated Code Report
RTBC
Code
Created over 4 years ago
v2.0
🇬🇷Greece suzymasri
11 months ago
💬
Question about HSTS max-age
Active
Miscellaneous
Created about 1 year ago
v2.0
🇳🇱Netherlands RobBNL
12 months ago
✨
Text fields not big enough
Fixed
Code
Created over 2 years ago
v2.0
🇪🇸Spain penyaskito
about 1 year ago
📌
Add phpcs and drupal-check fixes
Needs review
Code
Created about 3 years ago
v2.0
🇮🇳India bendale
about 1 year ago
✨
Store each CSP rule on a seperate line in config
Active
Code
Created about 1 year ago
v2.0
🇬🇧United Kingdom dahousecat
about 1 year ago
📌
Support flood control for CSP violation reports
Needs work
Code
Created about 9 years ago
v1.0
🇳🇿New Zealand jweowu
about 1 year ago
📌
t() calls should be avoided in classes.
Needs review
Code
Created about 1 year ago
v2.0
🇮🇳India chaitanyadessai
about 1 year ago
📌
\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created about 1 year ago
v2.0
🇮🇳India chaitanyadessai
about 1 year ago
📌
Add LICENSE.txt file
Closed: works as designed
Code
Created about 1 year ago
v2.0
🇷🇴Romania ciprian.stavovei
about 1 year ago
💬
Backdrop CMS Port?
Fixed
Miscellaneous
Created over 3 years ago
v1.0
rbargerhuff
about 1 year ago
📌
Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created about 2 years ago
v1.0
🇨🇦Canada fengtan
over 1 year ago
🐛
Fix D7 Forms API syntax
RTBC
Code
Created almost 2 years ago
v1.0
🇨🇦Canada mvc
over 1 year ago
✨
Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created almost 4 years ago
v2.0
🇦🇺Australia gordon
over 1 year ago
💬
Lottie files / base64 encoding
Active
Miscellaneous
Created about 2 years ago
v1.11
🇺🇸United States Mile3
over 1 year ago
💬
Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created over 1 year ago
v2.0
🇪🇸Spain gpollner
over 1 year ago
📌
Add a reference to csp_log in documentation
Active
Documentation
Created over 1 year ago
v2.0
🇧🇪Belgium daften
over 1 year ago
💬
How to set httpOnly flag on cookies?
Needs review
Documentation
Created over 1 year ago
v2.0
🇪🇸Spain uridrupal
over 1 year ago
💬
Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created over 1 year ago
v2.0
🇮🇳India ankitasharma13
over 1 year ago
📌
Replace README.txt with README.md
Fixed
Documentation
Created over 2 years ago
v2.0
🇮🇳India Manoj Raj.R
over 1 year ago
📌
Fix the warnings/errors reported by PHP_CodeSniffer
Fixed
Code
Created about 5 years ago
v2.0
🇳🇿New Zealand xurizaemon
almost 2 years ago
📌
Update source url in composer.json
Fixed
Code
Created over 4 years ago
v2.0
🇳🇴Norway neslee canil pinto
almost 2 years ago
📌
License "GPL-2.0+" is a deprecated SPDX license identifier
Fixed
Code
Created almost 5 years ago
v2.0
🇮🇳India harishh
almost 2 years ago
🐛
JS/CSS/Noscript code gets added twice to head on 404/403 pages
Fixed
Code
Created over 5 years ago
v2.0
🇺🇸United States averagejoe3000
almost 2 years ago
🐛
Minor Typo in SecKitEventSubscriber.php File
Fixed
Code
Created over 4 years ago
v2.0
🇮🇳India sivaprasadc
almost 2 years ago
📌
Drupal CSS Standards
Fixed
Code
Created about 2 years ago
v1.0
🇺🇸United States bygeoffthompson
almost 2 years ago
🐛
seckit/listener library incorrectly defined
Fixed
Code
Created almost 2 years ago
v2.0
🇬🇧United Kingdom mcdruid
almost 2 years ago
🐛
style-src key missing in seckit.settings.yml
Fixed
Code
Created almost 2 years ago
v2.0
🇦🇺Australia jnlar
almost 2 years ago
🐛
report-uri is deprecated
Active
Code
Created about 2 years ago
v2.0
🇳🇱Netherlands LaurentD
almost 2 years ago
✨
Remove Generator meta tag from output
Closed: works as designed
Code
Created over 8 years ago
v2.0
🇦🇺Australia chOP
almost 2 years ago
🐛
Illegal choice 0 in Configure element.
Closed: duplicate
Code
Created almost 5 years ago
v2.0
🇮🇳India vijay.mayilsamy
almost 2 years ago
📌
Add textarea type to script-src field
Closed: duplicate
Code
Created almost 3 years ago
v2.0
🇮🇳India ashetkar
almost 2 years ago
✨
Allow entering more content in CSP fields
Closed: duplicate
Code
Created over 2 years ago
v2.0
🇨🇦Canada dylan donkersgoed
almost 2 years ago
✨
Extend length of feature policy field
Closed: duplicate
Code
Created over 5 years ago
v2.0
🇳🇱Netherlands dennis_meuwissen
almost 2 years ago
✨
Add support for form-action CSP directive
Active
Code
Created over 7 years ago
v1.0
🇺🇸United States milodesc
almost 2 years ago
✨
Longer fields to support Google TLD's
Closed: duplicate
Code
Created almost 2 years ago
v1.0
🇨🇦Canada djac
almost 2 years ago
📌
Trailing slash on void elements has no effect and interacts badly with unquoted attribute values
Closed: duplicate
Code
Created almost 2 years ago
v2.0
fromme
almost 2 years ago
📌
Remove type="text/javascript" from <script> tag
Needs review
Code
Created almost 2 years ago
v2.0
fromme
almost 2 years ago
🐛
Deprecated Feature Used Expect-CT header
Needs review
Code
Created over 2 years ago
v2.0
l_nava
almost 2 years ago
🐛
Expect-CT is deprecated; provide a warning or remove
Closed: duplicate
Code
Created over 2 years ago
v2.0
🇯🇵Japan ptmkenny
almost 2 years ago
✨
Text fields not big enough
Fixed
Code
Created almost 6 years ago
v1.0
🇬🇧United Kingdom dunx
over 2 years ago
📌
Skip report-uri processing if value is empty
Fixed
Code
Created over 5 years ago
v1.0
🇺🇸United States ron_s
over 2 years ago
✨
Add support for feature-policy header
Fixed
Code
Created almost 7 years ago
v1.0
🇦🇺Australia adammalone
over 2 years ago
💬
Offering to maintain Security Kit
Active
Miscellaneous
Created over 2 years ago
v2.0
🇮🇳India rajeshreeputra
about 2 years ago
🌱
Deprecate / Remove Content Security Policy configuration in favour of Content Security Policy module
Active
Code
Created almost 7 years ago
v1.0
🇨🇦Canada gapple
over 2 years ago
🐛
Missing Strict-Transport-Security header
Closed: works as designed
Code
Created about 6 years ago
v1.0
🇨🇭Switzerland handkerchief
about 2 years ago
🐛
ALLOW-FROM directive in x-frame-options is obsolete
Active
Code
Created over 2 years ago
v2.0
🇬🇧United Kingdom oldspot
over 2 years ago
🐛
Blocked URI missing/empty in log entries
Closed: works as designed
Code
Created about 11 years ago
v1.9
🇺🇸United States bsnav
about 2 years ago
✨
Add 'Disable Security Kit' option back
Active
User interface
Created about 2 years ago
v2.0
🇺🇸United States Jonathan_W
about 2 years ago
✨
Add manifest-src
Active
Code
Created about 4 years ago
v2.0
🇸🇪Sweden acke
about 2 years ago

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

Security Kit

Top 10 contributors

and 13 other organisations

and 14 individuals ( 38% )

Merge Requests

!47Resolve #3521718 "Add support for form-action directive"Open

!16default-src has wrong descriptionOpen Show issue

!46Avoid using document.write('<!--');Open Show issue

!30Avoid using document.write('<!--');Open Show issue

!45Allow certain paths to be excluded from the Origin check (patch included)Open Show issue

!44"Directive style-src-elem violated."Open Show issue

Issues

Need to exclude admin path from applying the policiesActiveCode Created about 1 year ago

Extend length of src fieldsNeeds reviewCode Created about 4 years ago

CSS fails, if default-src "self" configuredActiveCode Created 4 days ago

Breaks sitemap.xml when JS +CSS + Noscript protection is enabledActiveCode Created almost 4 years ago

Add support for form-action directiveNeeds workCode Created 16 days ago

Add support for form-action directiveClosed: duplicateCode Created 16 days ago

Support for configuring script-src-elemActiveCode Created about 2 months ago

default-src has wrong descriptionNeeds workDocumentation Created over 4 years ago

Change Feature Policy to Permissions Policy (D8/D9)Needs reviewCode Created over 4 years ago

Avoid using document.write('<!--');Needs workCode Created over 4 years ago

How to add all google tlds for CSPActiveUser interface Created almost 3 years ago

CSP: Directive script-src-elem violated with googletagmanagerNeeds workCode Created about 4 years ago

Google URL's are blocked. ActiveMiscellaneous Created over 1 year ago

Permissions Policy SupportRTBCMiscellaneous Created over 4 years ago

Change Feature Policy to Permissions PolicyClosed: won't fixCode Created over 4 years ago

Seckit doesn´t work for Images, CSS, JSActiveCode Created 4 months ago

Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.ActiveCode Created about 1 year ago

/report-csp-violation throwing an errorActiveMiscellaneous Created 5 months ago

Implement a "semi automatic" Nonce settingsNeeds reviewMiscellaneous Created over 3 years ago

"Directive style-src-elem violated."ActiveCode Created over 4 years ago

Allow certain paths to be excluded from the Origin check (patch included)ActiveCode Created about 4 years ago

Add worker-srcNeeds reviewCode Created almost 3 years ago

Dispatch an event when there is a CSP violationActiveCode Created 6 months ago

Add worker-srcActiveCode Created about 1 year ago

Add form-action directiveNeeds reviewCode Created almost 4 years ago

Drupal calls should be avoided in classes, use dependency injection insteadActiveCode Created over 1 year ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is onActiveCode Created 8 months ago

Missing container invalidation update from issue modifying servicesActiveCode Created 9 months ago

The base-uri policy is missingNeeds reviewCode Created over 5 years ago

Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is setActiveCode Created over 1 year ago

SA-CONTRIB-2024-039 Clarification?FixedCode Created 8 months ago

Provide hook_seckit_options_alter() D8Needs reviewCode Created over 8 years ago

Set 2.x as default branchFixedCode Created 9 months ago

Update summary on project page for compatibility with Project BrowserActiveMiscellaneous Created 8 months ago

Update logo for compatibility with Project BrowserActiveMiscellaneous Created 8 months ago

Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTMLNeeds workCode Created almost 6 years ago

php errorClosed: duplicateCode Created 8 months ago

Modernize services: Add autowiring aliases, use autoconfigure, etcNeeds reviewCode Created 8 months ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is onActiveCode Created 8 months ago

D11 release for seckitFixedCode Created 9 months ago

Coding Standard Issues FixedCode Created 8 months ago

Add testing of report-csp-violationFixedCode Created 9 months ago

Silent mode for CSP reportingActiveCode Created about 3 years ago

Update CSP directivesNeeds reviewCode Created over 7 years ago

Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts Needs reviewCode Created over 1 year ago

Automated Drupal 11 compatibility fixes for seckitClosed: duplicateCode Created 10 months ago

Automated Drupal 11 compatibility fixes for seckitFixedCode Created about 1 year ago

Fix validate pipelineFixedCode Created 10 months ago

Add Gitlab CIFixedCode Created over 1 year ago

No values in X-XSS-Protection Header select box FixedUser interface Created almost 7 years ago

Drupal 9.1 Deprecated Code ReportRTBCCode Created over 4 years ago

Question about HSTS max-ageActiveMiscellaneous Created about 1 year ago

Text fields not big enoughFixedCode Created over 2 years ago

Add phpcs and drupal-check fixesNeeds reviewCode Created about 3 years ago

Store each CSP rule on a seperate line in configActiveCode Created about 1 year ago

Support flood control for CSP violation reportsNeeds workCode Created about 9 years ago

t() calls should be avoided in classes.Needs reviewCode Created about 1 year ago

\Drupal calls should be avoided in classes, use dependency injection insteadNeeds reviewCode Created about 1 year ago

Add LICENSE.txt fileClosed: works as designedCode Created about 1 year ago

Backdrop CMS Port?FixedMiscellaneous Created over 3 years ago

Misleading recommendation for CSP directive "frame-src"RTBCDocumentation Created about 2 years ago

Fix D7 Forms API syntaxRTBCCode Created almost 2 years ago

Add support for setting referer policy from route in issue #3027122Needs workCode Created almost 4 years ago

Lottie files / base64 encodingActiveMiscellaneous Created about 2 years ago

Uncaught DOMException: Permission denied to access property "hostname" on cross-origin objectActiveCode Created over 1 year ago

Add a reference to csp_log in documentationActiveDocumentation Created over 1 year ago

How to set httpOnly flag on cookies?Needs reviewDocumentation Created over 1 year ago

Vulnerability Scan reported 150206 - Content-Security-Policy Not ImplementedClosed: won't fixUser interface Created over 1 year ago

!47Resolve #3521718 "Add support for form-action directive"
Open

!16default-src has wrong description
Open
Show issue

!46Avoid using document.write('<!--');
Open
Show issue

!30Avoid using document.write('<!--');
Open
Show issue

!45Allow certain paths to be excluded from the Origin check (patch included)
Open
Show issue

!44"Directive style-src-elem violated."
Open
Show issue

Need to exclude admin path from applying the policies
Active
Code
Created about 1 year ago

Extend length of src fields
Needs review
Code
Created about 4 years ago

CSS fails, if default-src "self" configured
Active
Code
Created 4 days ago

Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created almost 4 years ago

Add support for form-action directive
Needs work
Code
Created 16 days ago

Add support for form-action directive
Closed: duplicate
Code
Created 16 days ago

Support for configuring script-src-elem
Active
Code
Created about 2 months ago

default-src has wrong description
Needs work
Documentation
Created over 4 years ago

Change Feature Policy to Permissions Policy (D8/D9)
Needs review
Code
Created over 4 years ago

Avoid using document.write('<!--');
Needs work
Code
Created over 4 years ago

How to add all google tlds for CSP
Active
User interface
Created almost 3 years ago

CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created about 4 years ago

Google URL's are blocked.
Active
Miscellaneous
Created over 1 year ago

Permissions Policy Support
RTBC
Miscellaneous
Created over 4 years ago

Change Feature Policy to Permissions Policy
Closed: won't fix
Code
Created over 4 years ago

Seckit doesn´t work for Images, CSS, JS
Active
Code
Created 4 months ago

Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created about 1 year ago

/report-csp-violation throwing an error
Active
Miscellaneous
Created 5 months ago

Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created over 3 years ago

"Directive style-src-elem violated."
Active
Code
Created over 4 years ago

Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created about 4 years ago

Add worker-src
Needs review
Code
Created almost 3 years ago

Dispatch an event when there is a CSP violation
Active
Code
Created 6 months ago

Add worker-src
Active
Code
Created about 1 year ago

Add form-action directive
Needs review
Code
Created almost 4 years ago

Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created over 1 year ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 8 months ago

Missing container invalidation update from issue modifying services
Active
Code
Created 9 months ago

The base-uri policy is missing
Needs review
Code
Created over 5 years ago

Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created over 1 year ago

SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created 8 months ago

Provide hook_seckit_options_alter() D8
Needs review
Code
Created over 8 years ago

Set 2.x as default branch
Fixed
Code
Created 9 months ago

Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created 8 months ago

Update logo for compatibility with Project Browser
Active
Miscellaneous
Created 8 months ago

Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created almost 6 years ago

php error
Closed: duplicate
Code
Created 8 months ago

Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created 8 months ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 8 months ago

D11 release for seckit
Fixed
Code
Created 9 months ago

Coding Standard Issues
Fixed
Code
Created 8 months ago

Add testing of report-csp-violation
Fixed
Code
Created 9 months ago

Silent mode for CSP reporting
Active
Code
Created about 3 years ago

Update CSP directives
Needs review
Code
Created over 7 years ago

Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created over 1 year ago

Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created 10 months ago

Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created about 1 year ago

Fix validate pipeline
Fixed
Code
Created 10 months ago

Add Gitlab CI
Fixed
Code
Created over 1 year ago

No values in X-XSS-Protection Header select box
Fixed
User interface
Created almost 7 years ago

Drupal 9.1 Deprecated Code Report
RTBC
Code
Created over 4 years ago

Question about HSTS max-age
Active
Miscellaneous
Created about 1 year ago

Text fields not big enough
Fixed
Code
Created over 2 years ago

Add phpcs and drupal-check fixes
Needs review
Code
Created about 3 years ago

Store each CSP rule on a seperate line in config
Active
Code
Created about 1 year ago

Support flood control for CSP violation reports
Needs work
Code
Created about 9 years ago

t() calls should be avoided in classes.
Needs review
Code
Created about 1 year ago

\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created about 1 year ago

Add LICENSE.txt file
Closed: works as designed
Code
Created about 1 year ago

Backdrop CMS Port?
Fixed
Miscellaneous
Created over 3 years ago

Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created about 2 years ago

Fix D7 Forms API syntax
RTBC
Code
Created almost 2 years ago

Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created almost 4 years ago

Lottie files / base64 encoding
Active
Miscellaneous
Created about 2 years ago

Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created over 1 year ago

Add a reference to csp_log in documentation
Active
Documentation
Created over 1 year ago

How to set httpOnly flag on cookies?
Needs review
Documentation
Created over 1 year ago

Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created over 1 year ago

Replace README.txt with README.md
Fixed
Documentation
Created over 2 years ago

Fix the warnings/errors reported by PHP_CodeSniffer
Fixed
Code
Created about 5 years ago

Update source url in composer.json
Fixed
Code
Created over 4 years ago

License "GPL-2.0+" is a deprecated SPDX license identifier
Fixed
Code
Created almost 5 years ago

JS/CSS/Noscript code gets added twice to head on 404/403 pages
Fixed
Code
Created over 5 years ago

Minor Typo in SecKitEventSubscriber.php File
Fixed
Code
Created over 4 years ago