Security Kit

Open on Drupal.org →Open on Drupal GitLab →

Created on 26 March 2011, over 14 years ago

Maintained by

🇨🇦Canada badjava
🇳🇿New Zealand jweowu
🇬🇧United Kingdom mcdruid
p0deje

🇬🇧United Kingdom
33%

🇺🇸United States
24%

🇳🇱Netherlands
12%

🇮🇹Italy
9%

🇳🇿New Zealand
7%

🇨🇦Canada
6%

🏴‍☠️
3%

🇪🇸Spain
1%

🇮🇳India
1%

🇷🇺Russia
1%

🇦🇺Australia
1%

Top 10 contributors

Full Fat Things 21%
- 🇬🇧 @the_g_bomb
ezCompany 10%
- 🇳🇱 @idebr
Catalyst IT 9%
- 🇳🇿 @jweowu
- 🇦🇺 @jnlar
Affinity Digital Tech Ltd 9%
- 🇬🇧 @somersoft
Oomph, Inc. 6%
- 🇺🇸 @ben.hamelin
- 🇺🇸 @pfrilling
Blue Oak Interactive 4%
- 🇺🇸 @andyg5000
Chromatic 3%
- 🇺🇸 @apotek
Chronos Interactive Media 3%
- 🇺🇸 @dabblela
Bluehorn Digital 3%
- 🇺🇸 @mglaman
Numiko 3%
- @joshhytr

and 6 individuals ( 25% )

🇪🇸 @bmunslow
🇺🇸 @damienmckenna
🇨🇦 @gapple
🇮🇹 @apaderno
🇷🇺 @a.kovrigin
🇨🇦 @No Sssweat

Merge Requests

!54report-uri is deprecated
Open
Show issue
🇧🇪Belgium Jonasanne
updated 10 days ago
!53Missing CSP directives
Open
Show issue
🇯🇵Japan eleonel
updated about 1 month ago
!52Support flood control for CSP violation reports
Open
Show issue
🇦🇺Australia geoffreyr
updated about 2 months ago
!51Issue #3541096: Remove the term whitelist* from the module
Open
🇬🇧United Kingdom the_g_bomb
updated 2 months ago
!50Issue #3537083: cspell issues reported in pipeline
Open
🇬🇧United Kingdom the_g_bomb
updated 2 months ago
!19Change Feature Policy to Permissions Policy (D8/D9)
Open
Show issue
🇮🇳India Lokeshwari
updated 3 months ago

More Merge Requests

Issues

🐛
report-uri is deprecated
Active
Code
Created over 2 years ago
v2.0
🇳🇱Netherlands laurentd
2 months ago
📌
Remove the term whitelist* from the module
Active
Code
Created 2 months ago
v2.0
🇬🇧United Kingdom the_g_bomb
2 months ago
📌
cspell issues reported in pipeline
Active
Code
Created 3 months ago
v2.0
🇳🇱Netherlands idebr
2 months ago
✨
Change Feature Policy to Permissions Policy (D8/D9)
Needs review
Code
Created almost 5 years ago
v2.0
🇵🇹Portugal rfmarcelino
3 months ago
✨
Add support for the Cross-Origin-Opener-Policy (COOP) header
Active
Code
Created 3 months ago
v2.0
🇺🇸United States pfrilling
3 months ago
✨
Implement the script-src-attr policy
Needs review
Code
Created over 3 years ago
v2.0
🇧🇷Brazil barone
4 months ago
✨
Support for configuring script-src-elem
Active
Code
Created 7 months ago
v2.0
🇺🇸United States apotek
5 months ago
✨
Need to exclude admin path from applying the policies
Active
Code
Created over 1 year ago
v2.0
🇻🇳Vietnam tm01xx
5 months ago
🐛
Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created over 4 years ago
v2.0
🇭🇺Hungary asrob
5 months ago
🐛
CSS fails, if default-src "self" configured
Active
Code
Created 6 months ago
v2.0
🇩🇪Germany drupalbubb
5 months ago
💬
Offering to maintain Security Kit
Active
Miscellaneous
Created almost 3 years ago
v2.0
🇮🇳India rajeshreeputra
5 months ago
✨
Extend length of src fields
Needs review
Code
Created over 4 years ago
v2.0
🇷🇸Serbia milovan
5 months ago
✨
Add support for form-action directive
Needs work
Code
Created 6 months ago
v2.0
🇮🇱Israel albert van kiel
6 months ago
✨
Add support for form-action directive
Closed: duplicate
Code
Created 6 months ago
v2.0
🇮🇱Israel albert van kiel
6 months ago
🐛
default-src has wrong description
Needs work
Documentation
Created almost 5 years ago
v2.0
🇦🇺Australia marji
8 months ago
📌
Avoid using document.write('<!--');
Needs work
Code
Created almost 5 years ago
v1.2
🇷🇺Russia kostyashupenko
8 months ago
💬
How to add all google tlds for CSP
Active
User interface
Created over 3 years ago
v2.0
🇺🇸United States justclint
8 months ago
💬
CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created over 4 years ago
v2.0
🇮🇳India sivaprasadc
8 months ago
💬
Google URL's are blocked.
Active
Miscellaneous
Created over 1 year ago
v2.0
🇮🇳India suresh prabhu parkala
8 months ago
✨
Permissions Policy Support
RTBC
Miscellaneous
Created over 4 years ago
v2.0
🇦🇹Austria gr4phic3r
9 months ago
✨
Change Feature Policy to Permissions Policy
Closed: won't fix
Code
Created about 5 years ago
v1.11
🇮🇳India Souvik Pal
9 months ago
🐛
Seckit doesn´t work for Images, CSS, JS
Active
Code
Created 9 months ago
v2.0
🇦🇹Austria gr4phic3r
9 months ago
🐛
Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created over 1 year ago
v2.0
🇺🇦Ukraine bahbka
11 months ago
💬
/report-csp-violation throwing an error
Active
Miscellaneous
Created 11 months ago
v2.0
🇺🇸United States duckydan
11 months ago
✨
Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created about 4 years ago
v2.0
🇧🇷Brazil barone
11 months ago
✨
"Directive style-src-elem violated."
Active
Code
Created about 5 years ago
v1.0
🇺🇸United States damienmckenna
11 months ago
✨
Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created over 4 years ago
v2.0
🇬🇧United Kingdom andy tawse
11 months ago
✨
Add worker-src
Needs review
Code
Created about 3 years ago
v1.0
🇬🇧United Kingdom dahousecat
11 months ago
✨
Dispatch an event when there is a CSP violation
Active
Code
Created 11 months ago
v2.0
🇺🇸United States dabblela
11 months ago
✨
Add worker-src
Active
Code
Created over 1 year ago
v2.0
🇬🇧United Kingdom dahousecat
about 1 year ago
✨
Add form-action directive
Needs review
Code
Created over 4 years ago
v2.0
🇬🇧United Kingdom Dubs
about 1 year ago
📌
Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created almost 2 years ago
v2.0
🇧🇷Brazil PabloNicolas
about 1 year ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created about 1 year ago
v2.0
🇮🇳India hetalsagar
about 1 year ago
🐛
Missing container invalidation update from issue modifying services
Active
Code
Created about 1 year ago
v2.0
🇦🇺Australia prussobcm
about 1 year ago
🐛
The base-uri policy is missing
Needs review
Code
Created almost 6 years ago
v2.0
🇧🇪Belgium cubeinspire
about 1 year ago
🐛
Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created almost 2 years ago
v2.0
🇪🇸Spain jsbalsera
about 1 year ago
💬
SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created about 1 year ago
v2.0
🇺🇸United States kruser
about 1 year ago
✨
Provide hook_seckit_options_alter() D8
Needs review
Code
Created almost 9 years ago
v2.0
🇷🇺Russia ogggg
about 1 year ago
📌
Set 2.x as default branch
Fixed
Code
Created about 1 year ago
v2.0
🇩🇪Germany mkalkbrenner
about 1 year ago
📌
Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created about 1 year ago
v2.0
🇺🇸United States leslieg
about 1 year ago
📌
Update logo for compatibility with Project Browser
Active
Miscellaneous
Created about 1 year ago
v2.0
🇺🇸United States leslieg
about 1 year ago
🐛
Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created over 6 years ago
v2.0
🇺🇸United States averagejoe3000
about 1 year ago
🐛
php error
Closed: duplicate
Code
Created about 1 year ago
v2.0
🇩🇪Germany ngruendel
about 1 year ago
📌
Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created about 1 year ago
v2.0
🇦🇺Australia dpi
about 1 year ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created about 1 year ago
v2.0
🇮🇳India hetalsagar
about 1 year ago
📌
D11 release for seckit
Fixed
Code
Created about 1 year ago
v2.0
🇬🇧United Kingdom mcdruid
about 1 year ago
📌
Coding Standard Issues
Fixed
Code
Created about 1 year ago
v2.0
🇵🇪Peru alyaj2a
about 1 year ago
📌
Add testing of report-csp-violation
Fixed
Code
Created about 1 year ago
v2.0
🇬🇧United Kingdom mcdruid
about 1 year ago
✨
Silent mode for CSP reporting
Active
Code
Created over 3 years ago
v2.0
🇺🇦Ukraine ksemihin
about 1 year ago
✨
Update CSP directives
Needs review
Code
Created about 8 years ago
v2.0
🇺🇸United States Mojiferous
about 1 year ago
✨
Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created about 2 years ago
v2.0
🇧🇪Belgium Dozz
about 1 year ago
📌
Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created over 1 year ago
v2.0
project update bot
about 1 year ago
📌
Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created over 1 year ago
v2.0
project update bot
about 1 year ago
📌
Fix validate pipeline
Fixed
Code
Created over 1 year ago
v2.0
🇮🇳India ankitv18
about 1 year ago
📌
Add Gitlab CI
Fixed
Code
Created over 1 year ago
v2.0
🇮🇳India deepakkm
about 1 year ago
🐛
No values in X-XSS-Protection Header select box
Fixed
User interface
Created over 7 years ago
v2.0
rajithkumark
over 1 year ago
📌
Drupal 9.1 Deprecated Code Report
RTBC
Code
Created almost 5 years ago
v2.0
🇬🇷Greece suzymasri
over 1 year ago
💬
Question about HSTS max-age
Active
Miscellaneous
Created over 1 year ago
v2.0
🇳🇱Netherlands RobBNL
over 1 year ago
✨
Text fields not big enough
Fixed
Code
Created over 2 years ago
v2.0
🇪🇸Spain penyaskito
over 1 year ago
📌
Add phpcs and drupal-check fixes
Needs review
Code
Created over 3 years ago
v2.0
🇮🇳India bendale
over 1 year ago
✨
Store each CSP rule on a seperate line in config
Active
Code
Created over 1 year ago
v2.0
🇬🇧United Kingdom dahousecat
over 1 year ago
📌
Support flood control for CSP violation reports
Needs work
Code
Created over 9 years ago
v1.0
🇳🇿New Zealand jweowu
over 1 year ago
📌
t() calls should be avoided in classes.
Needs review
Code
Created over 1 year ago
v2.0
🇮🇳India chaitanyadessai
over 1 year ago
📌
\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created over 1 year ago
v2.0
🇮🇳India chaitanyadessai
over 1 year ago
📌
Add LICENSE.txt file
Closed: works as designed
Code
Created over 1 year ago
v2.0
🇷🇴Romania ciprian.stavovei
over 1 year ago
💬
Backdrop CMS Port?
Fixed
Miscellaneous
Created over 3 years ago
v1.0
rbargerhuff
over 1 year ago
📌
Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created over 2 years ago
v1.0
🇨🇦Canada fengtan
over 1 year ago
🐛
Fix D7 Forms API syntax
RTBC
Code
Created over 2 years ago
v1.0
🇨🇦Canada mvc
over 1 year ago
✨
Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created about 4 years ago
v2.0
🇦🇺Australia gordon
almost 2 years ago
💬
Lottie files / base64 encoding
Active
Miscellaneous
Created over 2 years ago
v1.11
🇺🇸United States Mile3
almost 2 years ago
💬
Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created almost 2 years ago
v2.0
🇪🇸Spain gpollner
almost 2 years ago
📌
Add a reference to csp_log in documentation
Active
Documentation
Created almost 2 years ago
v2.0
🇧🇪Belgium daften
almost 2 years ago
💬
How to set httpOnly flag on cookies?
Needs review
Documentation
Created almost 2 years ago
v2.0
🇪🇸Spain uridrupal
almost 2 years ago
💬
Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created about 2 years ago
v2.0
🇮🇳India ankitasharma13
about 2 years ago
📌
Replace README.txt with README.md
Fixed
Documentation
Created about 3 years ago
v2.0
🇮🇳India Manoj Raj.R
about 2 years ago
📌
Fix the warnings/errors reported by PHP_CodeSniffer
Fixed
Code
Created over 5 years ago
v2.0
🇳🇿New Zealand xurizaemon
about 2 years ago
📌
Update source url in composer.json
Fixed
Code
Created about 5 years ago
v2.0
🇳🇴Norway neslee canil pinto
about 2 years ago
📌
License "GPL-2.0+" is a deprecated SPDX license identifier
Fixed
Code
Created over 5 years ago
v2.0
🇮🇳India harishh
about 2 years ago
🐛
JS/CSS/Noscript code gets added twice to head on 404/403 pages
Fixed
Code
Created almost 6 years ago
v2.0
🇺🇸United States averagejoe3000
about 2 years ago
🐛
Minor Typo in SecKitEventSubscriber.php File
Fixed
Code
Created almost 5 years ago
v2.0
🇮🇳India sivaprasadc
about 2 years ago
📌
Drupal CSS Standards
Fixed
Code
Created over 2 years ago
v1.0
🇺🇸United States bygeoffthompson
about 2 years ago
🐛
seckit/listener library incorrectly defined
Fixed
Code
Created about 2 years ago
v2.0
🇬🇧United Kingdom mcdruid
about 2 years ago
🐛
style-src key missing in seckit.settings.yml
Fixed
Code
Created over 2 years ago
v2.0
🇦🇺Australia jnlar
about 2 years ago
✨
Remove Generator meta tag from output
Closed: works as designed
Code
Created about 9 years ago
v2.0
🇦🇺Australia chop
about 2 years ago
🐛
Illegal choice 0 in Configure element.
Closed: duplicate
Code
Created about 5 years ago
v2.0
🇮🇳India vijay.mayilsamy
about 2 years ago
📌
Add textarea type to script-src field
Closed: duplicate
Code
Created about 3 years ago
v2.0
🇮🇳India ashetkar
about 2 years ago
✨
Allow entering more content in CSP fields
Closed: duplicate
Code
Created about 3 years ago
v2.0
🇨🇦Canada dylan donkersgoed
about 2 years ago
✨
Extend length of feature policy field
Closed: duplicate
Code
Created about 6 years ago
v2.0
🇳🇱Netherlands dennis_meuwissen
about 2 years ago
✨
Add support for form-action CSP directive
Active
Code
Created almost 8 years ago
v1.0
🇺🇸United States milodesc
about 2 years ago
✨
Longer fields to support Google TLD's
Closed: duplicate
Code
Created over 2 years ago
v1.0
🇨🇦Canada djac
over 2 years ago
📌
Trailing slash on void elements has no effect and interacts badly with unquoted attribute values
Closed: duplicate
Code
Created over 2 years ago
v2.0
fromme
over 2 years ago
📌
Remove type="text/javascript" from <script> tag
Needs review
Code
Created over 2 years ago
v2.0
fromme
over 2 years ago
🐛
Deprecated Feature Used Expect-CT header
Needs review
Code
Created almost 3 years ago
v2.0
l_nava
over 2 years ago
🐛
Expect-CT is deprecated; provide a warning or remove
Closed: duplicate
Code
Created over 2 years ago
v2.0
🇯🇵Japan ptmkenny
over 2 years ago
✨
Text fields not big enough
Fixed
Code
Created over 6 years ago
v1.0
🇬🇧United Kingdom dunx
over 2 years ago
📌
Skip report-uri processing if value is empty
Fixed
Code
Created almost 6 years ago
v1.0
🇺🇸United States ron_s
over 2 years ago
✨
Add support for feature-policy header
Fixed
Code
Created about 7 years ago
v1.0
🇦🇺Australia adammalone
over 2 years ago
🌱
Deprecate / Remove Content Security Policy configuration in favour of Content Security Policy module
Active
Code
Created over 7 years ago
v1.0
🇨🇦Canada gapple
over 2 years ago
🐛
Missing Strict-Transport-Security header
Closed: works as designed
Code
Created over 6 years ago
v1.0
🇨🇭Switzerland handkerchief
over 2 years ago
🐛
ALLOW-FROM directive in x-frame-options is obsolete
Active
Code
Created almost 3 years ago
v2.0
🇬🇧United Kingdom oldspot
almost 3 years ago

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

Security Kit

Top 10 contributors

and 6 other organisations

and 6 individuals ( 25% )

Merge Requests

!54report-uri is deprecatedOpen Show issue

!53Missing CSP directivesOpen Show issue

!52Support flood control for CSP violation reportsOpen Show issue

!51Issue #3541096: Remove the term whitelist* from the moduleOpen

!50Issue #3537083: cspell issues reported in pipelineOpen

!19Change Feature Policy to Permissions Policy (D8/D9)Open Show issue

Issues

report-uri is deprecatedActiveCode Created over 2 years ago

Remove the term whitelist* from the moduleActiveCode Created 2 months ago

cspell issues reported in pipelineActiveCode Created 3 months ago

Change Feature Policy to Permissions Policy (D8/D9)Needs reviewCode Created almost 5 years ago

Add support for the Cross-Origin-Opener-Policy (COOP) headerActiveCode Created 3 months ago

Implement the script-src-attr policyNeeds reviewCode Created over 3 years ago

Support for configuring script-src-elemActiveCode Created 7 months ago

Need to exclude admin path from applying the policiesActiveCode Created over 1 year ago

Breaks sitemap.xml when JS +CSS + Noscript protection is enabledActiveCode Created over 4 years ago

CSS fails, if default-src "self" configuredActiveCode Created 6 months ago

Offering to maintain Security KitActiveMiscellaneous Created almost 3 years ago

Extend length of src fieldsNeeds reviewCode Created over 4 years ago

Add support for form-action directiveNeeds workCode Created 6 months ago

Add support for form-action directiveClosed: duplicateCode Created 6 months ago

default-src has wrong descriptionNeeds workDocumentation Created almost 5 years ago

Avoid using document.write('<!--');Needs workCode Created almost 5 years ago

How to add all google tlds for CSPActiveUser interface Created over 3 years ago

CSP: Directive script-src-elem violated with googletagmanagerNeeds workCode Created over 4 years ago

Google URL's are blocked. ActiveMiscellaneous Created over 1 year ago

Permissions Policy SupportRTBCMiscellaneous Created over 4 years ago

Change Feature Policy to Permissions PolicyClosed: won't fixCode Created about 5 years ago

Seckit doesn´t work for Images, CSS, JSActiveCode Created 9 months ago

Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.ActiveCode Created over 1 year ago

/report-csp-violation throwing an errorActiveMiscellaneous Created 11 months ago

Implement a "semi automatic" Nonce settingsNeeds reviewMiscellaneous Created about 4 years ago

"Directive style-src-elem violated."ActiveCode Created about 5 years ago

Allow certain paths to be excluded from the Origin check (patch included)ActiveCode Created over 4 years ago

Add worker-srcNeeds reviewCode Created about 3 years ago

Dispatch an event when there is a CSP violationActiveCode Created 11 months ago

Add worker-srcActiveCode Created over 1 year ago

Add form-action directiveNeeds reviewCode Created over 4 years ago

Drupal calls should be avoided in classes, use dependency injection insteadActiveCode Created almost 2 years ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is onActiveCode Created about 1 year ago

Missing container invalidation update from issue modifying servicesActiveCode Created about 1 year ago

The base-uri policy is missingNeeds reviewCode Created almost 6 years ago

Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is setActiveCode Created almost 2 years ago

SA-CONTRIB-2024-039 Clarification?FixedCode Created about 1 year ago

Provide hook_seckit_options_alter() D8Needs reviewCode Created almost 9 years ago

Set 2.x as default branchFixedCode Created about 1 year ago

Update summary on project page for compatibility with Project BrowserActiveMiscellaneous Created about 1 year ago

Update logo for compatibility with Project BrowserActiveMiscellaneous Created about 1 year ago

Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTMLNeeds workCode Created over 6 years ago

php errorClosed: duplicateCode Created about 1 year ago

Modernize services: Add autowiring aliases, use autoconfigure, etcNeeds reviewCode Created about 1 year ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is onActiveCode Created about 1 year ago

D11 release for seckitFixedCode Created about 1 year ago

Coding Standard Issues FixedCode Created about 1 year ago

Add testing of report-csp-violationFixedCode Created about 1 year ago

Silent mode for CSP reportingActiveCode Created over 3 years ago

Update CSP directivesNeeds reviewCode Created about 8 years ago

Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts Needs reviewCode Created about 2 years ago

Automated Drupal 11 compatibility fixes for seckitClosed: duplicateCode Created over 1 year ago

Automated Drupal 11 compatibility fixes for seckitFixedCode Created over 1 year ago

Fix validate pipelineFixedCode Created over 1 year ago

Add Gitlab CIFixedCode Created over 1 year ago

No values in X-XSS-Protection Header select box FixedUser interface Created over 7 years ago

Drupal 9.1 Deprecated Code ReportRTBCCode Created almost 5 years ago

Question about HSTS max-ageActiveMiscellaneous Created over 1 year ago

Text fields not big enoughFixedCode Created over 2 years ago

Add phpcs and drupal-check fixesNeeds reviewCode Created over 3 years ago

Store each CSP rule on a seperate line in configActiveCode Created over 1 year ago

Support flood control for CSP violation reportsNeeds workCode Created over 9 years ago

t() calls should be avoided in classes.Needs reviewCode Created over 1 year ago

\Drupal calls should be avoided in classes, use dependency injection insteadNeeds reviewCode Created over 1 year ago

Add LICENSE.txt fileClosed: works as designedCode Created over 1 year ago

Backdrop CMS Port?FixedMiscellaneous Created over 3 years ago

Misleading recommendation for CSP directive "frame-src"RTBCDocumentation Created over 2 years ago

Fix D7 Forms API syntaxRTBCCode Created over 2 years ago

!54report-uri is deprecated
Open
Show issue

!53Missing CSP directives
Open
Show issue

!52Support flood control for CSP violation reports
Open
Show issue

!51Issue #3541096: Remove the term whitelist* from the module
Open

!50Issue #3537083: cspell issues reported in pipeline
Open

!19Change Feature Policy to Permissions Policy (D8/D9)
Open
Show issue

report-uri is deprecated
Active
Code
Created over 2 years ago

Remove the term whitelist* from the module
Active
Code
Created 2 months ago

cspell issues reported in pipeline
Active
Code
Created 3 months ago

Change Feature Policy to Permissions Policy (D8/D9)
Needs review
Code
Created almost 5 years ago

Add support for the Cross-Origin-Opener-Policy (COOP) header
Active
Code
Created 3 months ago

Implement the script-src-attr policy
Needs review
Code
Created over 3 years ago

Support for configuring script-src-elem
Active
Code
Created 7 months ago

Need to exclude admin path from applying the policies
Active
Code
Created over 1 year ago

Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created over 4 years ago

CSS fails, if default-src "self" configured
Active
Code
Created 6 months ago

Offering to maintain Security Kit
Active
Miscellaneous
Created almost 3 years ago

Extend length of src fields
Needs review
Code
Created over 4 years ago

Add support for form-action directive
Needs work
Code
Created 6 months ago

Add support for form-action directive
Closed: duplicate
Code
Created 6 months ago

default-src has wrong description
Needs work
Documentation
Created almost 5 years ago

Avoid using document.write('<!--');
Needs work
Code
Created almost 5 years ago

How to add all google tlds for CSP
Active
User interface
Created over 3 years ago

CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created over 4 years ago

Google URL's are blocked.
Active
Miscellaneous
Created over 1 year ago

Permissions Policy Support
RTBC
Miscellaneous
Created over 4 years ago

Change Feature Policy to Permissions Policy
Closed: won't fix
Code
Created about 5 years ago

Seckit doesn´t work for Images, CSS, JS
Active
Code
Created 9 months ago

Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created over 1 year ago

/report-csp-violation throwing an error
Active
Miscellaneous
Created 11 months ago

Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created about 4 years ago

"Directive style-src-elem violated."
Active
Code
Created about 5 years ago

Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created over 4 years ago

Add worker-src
Needs review
Code
Created about 3 years ago

Dispatch an event when there is a CSP violation
Active
Code
Created 11 months ago

Add worker-src
Active
Code
Created over 1 year ago

Add form-action directive
Needs review
Code
Created over 4 years ago

Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created almost 2 years ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created about 1 year ago

Missing container invalidation update from issue modifying services
Active
Code
Created about 1 year ago

The base-uri policy is missing
Needs review
Code
Created almost 6 years ago

Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created almost 2 years ago

SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created about 1 year ago

Provide hook_seckit_options_alter() D8
Needs review
Code
Created almost 9 years ago

Set 2.x as default branch
Fixed
Code
Created about 1 year ago

Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created about 1 year ago

Update logo for compatibility with Project Browser
Active
Miscellaneous
Created about 1 year ago

Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created over 6 years ago

php error
Closed: duplicate
Code
Created about 1 year ago

Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created about 1 year ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created about 1 year ago

D11 release for seckit
Fixed
Code
Created about 1 year ago

Coding Standard Issues
Fixed
Code
Created about 1 year ago

Add testing of report-csp-violation
Fixed
Code
Created about 1 year ago

Silent mode for CSP reporting
Active
Code
Created over 3 years ago

Update CSP directives
Needs review
Code
Created about 8 years ago

Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created about 2 years ago

Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created over 1 year ago

Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created over 1 year ago

Fix validate pipeline
Fixed
Code
Created over 1 year ago

Add Gitlab CI
Fixed
Code
Created over 1 year ago

No values in X-XSS-Protection Header select box
Fixed
User interface
Created over 7 years ago

Drupal 9.1 Deprecated Code Report
RTBC
Code
Created almost 5 years ago

Question about HSTS max-age
Active
Miscellaneous
Created over 1 year ago

Text fields not big enough
Fixed
Code
Created over 2 years ago

Add phpcs and drupal-check fixes
Needs review
Code
Created over 3 years ago

Store each CSP rule on a seperate line in config
Active
Code
Created over 1 year ago

Support flood control for CSP violation reports
Needs work
Code
Created over 9 years ago

t() calls should be avoided in classes.
Needs review
Code
Created over 1 year ago

\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created over 1 year ago

Add LICENSE.txt file
Closed: works as designed
Code
Created over 1 year ago

Backdrop CMS Port?
Fixed
Miscellaneous
Created over 3 years ago

Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created over 2 years ago

Fix D7 Forms API syntax
RTBC
Code
Created over 2 years ago

Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created about 4 years ago

Lottie files / base64 encoding
Active
Miscellaneous
Created over 2 years ago

Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created almost 2 years ago

Add a reference to csp_log in documentation
Active
Documentation
Created almost 2 years ago

How to set httpOnly flag on cookies?
Needs review
Documentation
Created almost 2 years ago

Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created about 2 years ago