Security Kit

Open on Drupal.org →Open on Drupal GitLab →

Created on 26 March 2011, over 14 years ago

Maintained by

🇨🇦Canada badjava
🇳🇿New Zealand jweowu
🇬🇧United Kingdom mcdruid
p0deje

🇬🇧United Kingdom
30%

🇺🇸United States
18%

🇳🇱Netherlands
9%

🇦🇺Australia
8%

🇮🇳India
5%

🇮🇹Italy
5%

🇳🇿New Zealand
5%

🇵🇪Peru
5%

🇩🇪Germany
4%

🇨🇦Canada
4%

🇫🇮Finland
2%

🏴‍☠️
2%

🇷🇺Russia
2%

🏴‍☠️🇪🇸 🇺🇦 🇧🇷
2%

Top 10 contributors

Full Fat Things 12%
- 🇬🇧 @the_g_bomb
Catalyst IT 6%
- 🇳🇿 @jweowu
- 🇦🇺 @jnlar
ezCompany 5%
- 🇳🇱 @idebr
Affinity Digital Tech Ltd 5%
- 🇬🇧 @somersoft
SeeD EM 5%
- 🇵🇪 @alyaj2a
Third and Grove 4%
- 🇺🇸 @jds1
Oomph, Inc. 3%
- 🇺🇸 @ben.hamelin
- 🇺🇸 @pfrilling
Jarltech Europe GmbH 3%
- 🇩🇪 @mkalkbrenner
DICTU 3%
- 🇳🇱 @groendijk
Blue Oak Interactive 2%
- 🇺🇸 @andyg5000

+18

and 11 individuals ( 36% )

🇪🇸 @bmunslow
🇬🇧 @dahousecat
🇺🇸 @damienmckenna
🇦🇺 @dpi
🇨🇦 @gapple
🇮🇹 @apaderno
🇷🇺 @shra
🇬🇧 @littlepixiez
🇷🇺 @a.kovrigin
🇮🇳 @hetalsagar
🇨🇦 @No Sssweat

Merge Requests

!51Issue #3541096: Remove the term whitelist* from the module
Open
🇬🇧United Kingdom the_g_bomb
updated 1 day ago
!50Issue #3537083: cspell issues reported in pipeline
Open
🇬🇧United Kingdom the_g_bomb
updated 1 day ago
!19Change Feature Policy to Permissions Policy (D8/D9)
Open
Show issue
🇮🇳India Lokeshwari
updated 24 days ago
!49Added COOP header support
Open
🇺🇸United States pfrilling
updated 28 days ago
!48Implement the script-src-attr policy
Open
Show issue
🇺🇸United States andyg5000
updated 2 months ago
!47Resolve #3521718 "Add support for form-action directive"
Open
Unnamed author
updated 3 months ago

More Merge Requests

Issues

📌
Remove the term whitelist* from the module
Active
Code
Created 1 day ago
v2.0
🇬🇧United Kingdom the_g_bomb
about 20 hours ago
📌
cspell issues reported in pipeline
Active
Code
Created 24 days ago
v2.0
🇳🇱Netherlands idebr
1 day ago
✨
Change Feature Policy to Permissions Policy (D8/D9)
Needs review
Code
Created over 4 years ago
v2.0
🇵🇹Portugal rfmarcelino
24 days ago
✨
Add support for the Cross-Origin-Opener-Policy (COOP) header
Active
Code
Created 28 days ago
v2.0
🇺🇸United States pfrilling
28 days ago
✨
Implement the script-src-attr policy
Needs review
Code
Created over 3 years ago
v2.0
🇧🇷Brazil barone
2 months ago
✨
Support for configuring script-src-elem
Active
Code
Created 5 months ago
v2.0
🇺🇸United States apotek
2 months ago
✨
Need to exclude admin path from applying the policies
Active
Code
Created over 1 year ago
v2.0
🇻🇳Vietnam tm01xx
3 months ago
🐛
Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created about 4 years ago
v2.0
🇭🇺Hungary asrob
3 months ago
🐛
CSS fails, if default-src "self" configured
Active
Code
Created 3 months ago
v2.0
🇩🇪Germany drupalbubb
3 months ago
💬
Offering to maintain Security Kit
Active
Miscellaneous
Created over 2 years ago
v2.0
🇮🇳India rajeshreeputra
3 months ago
✨
Extend length of src fields
Needs review
Code
Created over 4 years ago
v2.0
🇷🇸Serbia milovan
3 months ago
✨
Add support for form-action directive
Needs work
Code
Created 4 months ago
v2.0
🇮🇱Israel albert van kiel
3 months ago
✨
Add support for form-action directive
Closed: duplicate
Code
Created 4 months ago
v2.0
🇮🇱Israel albert van kiel
3 months ago
🐛
default-src has wrong description
Needs work
Documentation
Created over 4 years ago
v2.0
🇦🇺Australia marji
6 months ago
📌
Avoid using document.write('<!--');
Needs work
Code
Created over 4 years ago
v1.2
🇷🇺Russia kostyashupenko
6 months ago
💬
How to add all google tlds for CSP
Active
User interface
Created about 3 years ago
v2.0
🇺🇸United States justclint
6 months ago
💬
CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created over 4 years ago
v2.0
🇮🇳India sivaprasadc
6 months ago
💬
Google URL's are blocked.
Active
Miscellaneous
Created over 1 year ago
v2.0
🇮🇳India suresh prabhu parkala
6 months ago
✨
Permissions Policy Support
RTBC
Miscellaneous
Created over 4 years ago
v2.0
🇦🇹Austria gr4phic3r
7 months ago
✨
Change Feature Policy to Permissions Policy
Closed: won't fix
Code
Created almost 5 years ago
v1.11
🇮🇳India Souvik Pal
7 months ago
🐛
Seckit doesn´t work for Images, CSS, JS
Active
Code
Created 7 months ago
v2.0
🇦🇹Austria gr4phic3r
7 months ago
🐛
Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created over 1 year ago
v2.0
🇺🇦Ukraine bahbka
8 months ago
💬
/report-csp-violation throwing an error
Active
Miscellaneous
Created 8 months ago
v2.0
🇺🇸United States duckydan
8 months ago
✨
Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created almost 4 years ago
v2.0
🇧🇷Brazil barone
8 months ago
✨
"Directive style-src-elem violated."
Active
Code
Created almost 5 years ago
v1.0
🇺🇸United States damienmckenna
9 months ago
✨
Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created over 4 years ago
v2.0
🇬🇧United Kingdom andy tawse
9 months ago
✨
Add worker-src
Needs review
Code
Created about 3 years ago
v1.0
🇬🇧United Kingdom dahousecat
9 months ago
✨
Dispatch an event when there is a CSP violation
Active
Code
Created 9 months ago
v2.0
🇺🇸United States dabblela
9 months ago
✨
Add worker-src
Active
Code
Created over 1 year ago
v2.0
🇬🇧United Kingdom dahousecat
10 months ago
✨
Add form-action directive
Needs review
Code
Created about 4 years ago
v2.0
🇬🇧United Kingdom Dubs
10 months ago
📌
Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created almost 2 years ago
v2.0
🇧🇷Brazil PabloNicolas
10 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 11 months ago
v2.0
🇮🇳India hetalsagar
10 months ago
🐛
Missing container invalidation update from issue modifying services
Active
Code
Created 12 months ago
v2.0
🇦🇺Australia prussobcm
10 months ago
🐛
The base-uri policy is missing
Needs review
Code
Created over 5 years ago
v2.0
🇧🇪Belgium cubeinspire
11 months ago
🐛
Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created over 1 year ago
v2.0
🇪🇸Spain jsbalsera
11 months ago
💬
SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created 11 months ago
v2.0
🇺🇸United States kruser
11 months ago
✨
Provide hook_seckit_options_alter() D8
Needs review
Code
Created over 8 years ago
v2.0
🇷🇺Russia ogggg
11 months ago
📌
Set 2.x as default branch
Fixed
Code
Created 12 months ago
v2.0
🇩🇪Germany mkalkbrenner
11 months ago
📌
Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created 11 months ago
v2.0
🇺🇸United States leslieg
11 months ago
📌
Update logo for compatibility with Project Browser
Active
Miscellaneous
Created 11 months ago
v2.0
🇺🇸United States leslieg
11 months ago
🐛
Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created about 6 years ago
v2.0
🇺🇸United States averagejoe3000
11 months ago
🐛
php error
Closed: duplicate
Code
Created 11 months ago
v2.0
🇩🇪Germany ngruendel
11 months ago
📌
Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created 11 months ago
v2.0
🇦🇺Australia dpi
11 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 11 months ago
v2.0
🇮🇳India hetalsagar
11 months ago
📌
D11 release for seckit
Fixed
Code
Created 12 months ago
v2.0
🇬🇧United Kingdom mcdruid
11 months ago
📌
Coding Standard Issues
Fixed
Code
Created 11 months ago
v2.0
🇵🇪Peru alyaj2a
11 months ago
📌
Add testing of report-csp-violation
Fixed
Code
Created 12 months ago
v2.0
🇬🇧United Kingdom mcdruid
11 months ago
✨
Silent mode for CSP reporting
Active
Code
Created over 3 years ago
v2.0
🇺🇦Ukraine ksemihin
12 months ago
✨
Update CSP directives
Needs review
Code
Created almost 8 years ago
v2.0
🇺🇸United States Mojiferous
12 months ago
✨
Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created almost 2 years ago
v2.0
🇧🇪Belgium Dozz
12 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created about 1 year ago
v2.0
project update bot
12 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created over 1 year ago
v2.0
project update bot
about 1 year ago
📌
Fix validate pipeline
Fixed
Code
Created about 1 year ago
v2.0
🇮🇳India ankitv18
about 1 year ago
📌
Add Gitlab CI
Fixed
Code
Created over 1 year ago
v2.0
🇮🇳India deepakkm
about 1 year ago
🐛
No values in X-XSS-Protection Header select box
Fixed
User interface
Created about 7 years ago
v2.0
rajithkumark
about 1 year ago
📌
Drupal 9.1 Deprecated Code Report
RTBC
Code
Created over 4 years ago
v2.0
🇬🇷Greece suzymasri
about 1 year ago
💬
Question about HSTS max-age
Active
Miscellaneous
Created over 1 year ago
v2.0
🇳🇱Netherlands RobBNL
about 1 year ago
✨
Text fields not big enough
Fixed
Code
Created over 2 years ago
v2.0
🇪🇸Spain penyaskito
over 1 year ago
📌
Add phpcs and drupal-check fixes
Needs review
Code
Created over 3 years ago
v2.0
🇮🇳India bendale
over 1 year ago
✨
Store each CSP rule on a seperate line in config
Active
Code
Created over 1 year ago
v2.0
🇬🇧United Kingdom dahousecat
over 1 year ago
📌
Support flood control for CSP violation reports
Needs work
Code
Created over 9 years ago
v1.0
🇳🇿New Zealand jweowu
over 1 year ago
📌
t() calls should be avoided in classes.
Needs review
Code
Created over 1 year ago
v2.0
🇮🇳India chaitanyadessai
over 1 year ago
📌
\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created over 1 year ago
v2.0
🇮🇳India chaitanyadessai
over 1 year ago
📌
Add LICENSE.txt file
Closed: works as designed
Code
Created over 1 year ago
v2.0
🇷🇴Romania ciprian.stavovei
over 1 year ago
💬
Backdrop CMS Port?
Fixed
Miscellaneous
Created over 3 years ago
v1.0
rbargerhuff
over 1 year ago
📌
Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created over 2 years ago
v1.0
🇨🇦Canada fengtan
over 1 year ago
🐛
Fix D7 Forms API syntax
RTBC
Code
Created about 2 years ago
v1.0
🇨🇦Canada mvc
over 1 year ago
✨
Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created about 4 years ago
v2.0
🇦🇺Australia gordon
over 1 year ago
💬
Lottie files / base64 encoding
Active
Miscellaneous
Created over 2 years ago
v1.11
🇺🇸United States Mile3
over 1 year ago
💬
Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created almost 2 years ago
v2.0
🇪🇸Spain gpollner
over 1 year ago
📌
Add a reference to csp_log in documentation
Active
Documentation
Created over 1 year ago
v2.0
🇧🇪Belgium daften
over 1 year ago
💬
How to set httpOnly flag on cookies?
Needs review
Documentation
Created almost 2 years ago
v2.0
🇪🇸Spain uridrupal
almost 2 years ago
💬
Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created almost 2 years ago
v2.0
🇮🇳India ankitasharma13
almost 2 years ago
📌
Replace README.txt with README.md
Fixed
Documentation
Created almost 3 years ago
v2.0
🇮🇳India Manoj Raj.R
almost 2 years ago
📌
Fix the warnings/errors reported by PHP_CodeSniffer
Fixed
Code
Created over 5 years ago
v2.0
🇳🇿New Zealand xurizaemon
almost 2 years ago
📌
Update source url in composer.json
Fixed
Code
Created almost 5 years ago
v2.0
🇳🇴Norway neslee canil pinto
about 2 years ago
📌
License "GPL-2.0+" is a deprecated SPDX license identifier
Fixed
Code
Created about 5 years ago
v2.0
🇮🇳India harishh
about 2 years ago
🐛
JS/CSS/Noscript code gets added twice to head on 404/403 pages
Fixed
Code
Created over 5 years ago
v2.0
🇺🇸United States averagejoe3000
about 2 years ago
🐛
Minor Typo in SecKitEventSubscriber.php File
Fixed
Code
Created over 4 years ago
v2.0
🇮🇳India sivaprasadc
about 2 years ago
📌
Drupal CSS Standards
Fixed
Code
Created over 2 years ago
v1.0
🇺🇸United States bygeoffthompson
about 2 years ago
🐛
seckit/listener library incorrectly defined
Fixed
Code
Created about 2 years ago
v2.0
🇬🇧United Kingdom mcdruid
about 2 years ago
🐛
style-src key missing in seckit.settings.yml
Fixed
Code
Created about 2 years ago
v2.0
🇦🇺Australia jnlar
about 2 years ago
🐛
report-uri is deprecated
Active
Code
Created over 2 years ago
v2.0
🇳🇱Netherlands LaurentD
about 2 years ago
✨
Remove Generator meta tag from output
Closed: works as designed
Code
Created almost 9 years ago
v2.0
🇦🇺Australia chop
about 2 years ago
🐛
Illegal choice 0 in Configure element.
Closed: duplicate
Code
Created about 5 years ago
v2.0
🇮🇳India vijay.mayilsamy
about 2 years ago
📌
Add textarea type to script-src field
Closed: duplicate
Code
Created about 3 years ago
v2.0
🇮🇳India ashetkar
about 2 years ago
✨
Allow entering more content in CSP fields
Closed: duplicate
Code
Created almost 3 years ago
v2.0
🇨🇦Canada dylan donkersgoed
about 2 years ago
✨
Extend length of feature policy field
Closed: duplicate
Code
Created almost 6 years ago
v2.0
🇳🇱Netherlands dennis_meuwissen
about 2 years ago
✨
Add support for form-action CSP directive
Active
Code
Created over 7 years ago
v1.0
🇺🇸United States milodesc
about 2 years ago
✨
Longer fields to support Google TLD's
Closed: duplicate
Code
Created about 2 years ago
v1.0
🇨🇦Canada djac
about 2 years ago
📌
Trailing slash on void elements has no effect and interacts badly with unquoted attribute values
Closed: duplicate
Code
Created about 2 years ago
v2.0
fromme
about 2 years ago
📌
Remove type="text/javascript" from <script> tag
Needs review
Code
Created about 2 years ago
v2.0
fromme
about 2 years ago
🐛
Deprecated Feature Used Expect-CT header
Needs review
Code
Created almost 3 years ago
v2.0
l_nava
about 2 years ago
🐛
Expect-CT is deprecated; provide a warning or remove
Closed: duplicate
Code
Created over 2 years ago
v2.0
🇯🇵Japan ptmkenny
about 2 years ago
✨
Text fields not big enough
Fixed
Code
Created about 6 years ago
v1.0
🇬🇧United Kingdom dunx
over 2 years ago
📌
Skip report-uri processing if value is empty
Fixed
Code
Created over 5 years ago
v1.0
🇺🇸United States ron_s
over 2 years ago
✨
Add support for feature-policy header
Fixed
Code
Created about 7 years ago
v1.0
🇦🇺Australia adammalone
over 2 years ago
🌱
Deprecate / Remove Content Security Policy configuration in favour of Content Security Policy module
Active
Code
Created about 7 years ago
v1.0
🇨🇦Canada gapple
over 2 years ago
🐛
Missing Strict-Transport-Security header
Closed: works as designed
Code
Created over 6 years ago
v1.0
🇨🇭Switzerland handkerchief
over 2 years ago
🐛
ALLOW-FROM directive in x-frame-options is obsolete
Active
Code
Created over 2 years ago
v2.0
🇬🇧United Kingdom oldspot
over 2 years ago

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

Security Kit

Top 10 contributors

and 18 other organisations

and 11 individuals ( 36% )

Merge Requests

!51Issue #3541096: Remove the term whitelist* from the moduleOpen

!50Issue #3537083: cspell issues reported in pipelineOpen

!19Change Feature Policy to Permissions Policy (D8/D9)Open Show issue

!49Added COOP header supportOpen

!48Implement the script-src-attr policyOpen Show issue

!47Resolve #3521718 "Add support for form-action directive"Open

Issues

Remove the term whitelist* from the moduleActiveCode Created 1 day ago

cspell issues reported in pipelineActiveCode Created 24 days ago

Change Feature Policy to Permissions Policy (D8/D9)Needs reviewCode Created over 4 years ago

Add support for the Cross-Origin-Opener-Policy (COOP) headerActiveCode Created 28 days ago

Implement the script-src-attr policyNeeds reviewCode Created over 3 years ago

Support for configuring script-src-elemActiveCode Created 5 months ago

Need to exclude admin path from applying the policiesActiveCode Created over 1 year ago

Breaks sitemap.xml when JS +CSS + Noscript protection is enabledActiveCode Created about 4 years ago

CSS fails, if default-src "self" configuredActiveCode Created 3 months ago

Offering to maintain Security KitActiveMiscellaneous Created over 2 years ago

Extend length of src fieldsNeeds reviewCode Created over 4 years ago

Add support for form-action directiveNeeds workCode Created 4 months ago

Add support for form-action directiveClosed: duplicateCode Created 4 months ago

default-src has wrong descriptionNeeds workDocumentation Created over 4 years ago

Avoid using document.write('<!--');Needs workCode Created over 4 years ago

How to add all google tlds for CSPActiveUser interface Created about 3 years ago

CSP: Directive script-src-elem violated with googletagmanagerNeeds workCode Created over 4 years ago

Google URL's are blocked. ActiveMiscellaneous Created over 1 year ago

Permissions Policy SupportRTBCMiscellaneous Created over 4 years ago

Change Feature Policy to Permissions PolicyClosed: won't fixCode Created almost 5 years ago

Seckit doesn´t work for Images, CSS, JSActiveCode Created 7 months ago

Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.ActiveCode Created over 1 year ago

/report-csp-violation throwing an errorActiveMiscellaneous Created 8 months ago

Implement a "semi automatic" Nonce settingsNeeds reviewMiscellaneous Created almost 4 years ago

"Directive style-src-elem violated."ActiveCode Created almost 5 years ago

Allow certain paths to be excluded from the Origin check (patch included)ActiveCode Created over 4 years ago

Add worker-srcNeeds reviewCode Created about 3 years ago

Dispatch an event when there is a CSP violationActiveCode Created 9 months ago

Add worker-srcActiveCode Created over 1 year ago

Add form-action directiveNeeds reviewCode Created about 4 years ago

Drupal calls should be avoided in classes, use dependency injection insteadActiveCode Created almost 2 years ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is onActiveCode Created 11 months ago

Missing container invalidation update from issue modifying servicesActiveCode Created 12 months ago

The base-uri policy is missingNeeds reviewCode Created over 5 years ago

Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is setActiveCode Created over 1 year ago

SA-CONTRIB-2024-039 Clarification?FixedCode Created 11 months ago

Provide hook_seckit_options_alter() D8Needs reviewCode Created over 8 years ago

Set 2.x as default branchFixedCode Created 12 months ago

Update summary on project page for compatibility with Project BrowserActiveMiscellaneous Created 11 months ago

Update logo for compatibility with Project BrowserActiveMiscellaneous Created 11 months ago

Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTMLNeeds workCode Created about 6 years ago

php errorClosed: duplicateCode Created 11 months ago

Modernize services: Add autowiring aliases, use autoconfigure, etcNeeds reviewCode Created 11 months ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is onActiveCode Created 11 months ago

D11 release for seckitFixedCode Created 12 months ago

Coding Standard Issues FixedCode Created 11 months ago

Add testing of report-csp-violationFixedCode Created 12 months ago

Silent mode for CSP reportingActiveCode Created over 3 years ago

Update CSP directivesNeeds reviewCode Created almost 8 years ago

Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts Needs reviewCode Created almost 2 years ago

Automated Drupal 11 compatibility fixes for seckitClosed: duplicateCode Created about 1 year ago

Automated Drupal 11 compatibility fixes for seckitFixedCode Created over 1 year ago

Fix validate pipelineFixedCode Created about 1 year ago

Add Gitlab CIFixedCode Created over 1 year ago

No values in X-XSS-Protection Header select box FixedUser interface Created about 7 years ago

Drupal 9.1 Deprecated Code ReportRTBCCode Created over 4 years ago

Question about HSTS max-ageActiveMiscellaneous Created over 1 year ago

Text fields not big enoughFixedCode Created over 2 years ago

Add phpcs and drupal-check fixesNeeds reviewCode Created over 3 years ago

Store each CSP rule on a seperate line in configActiveCode Created over 1 year ago

Support flood control for CSP violation reportsNeeds workCode Created over 9 years ago

t() calls should be avoided in classes.Needs reviewCode Created over 1 year ago

\Drupal calls should be avoided in classes, use dependency injection insteadNeeds reviewCode Created over 1 year ago

Add LICENSE.txt fileClosed: works as designedCode Created over 1 year ago

Backdrop CMS Port?FixedMiscellaneous Created over 3 years ago

Misleading recommendation for CSP directive "frame-src"RTBCDocumentation Created over 2 years ago

Fix D7 Forms API syntaxRTBCCode Created about 2 years ago

Add support for setting referer policy from route in issue #3027122Needs workCode Created about 4 years ago

!51Issue #3541096: Remove the term whitelist* from the module
Open

!50Issue #3537083: cspell issues reported in pipeline
Open

!19Change Feature Policy to Permissions Policy (D8/D9)
Open
Show issue

!49Added COOP header support
Open

!48Implement the script-src-attr policy
Open
Show issue

!47Resolve #3521718 "Add support for form-action directive"
Open

Remove the term whitelist* from the module
Active
Code
Created 1 day ago

cspell issues reported in pipeline
Active
Code
Created 24 days ago

Change Feature Policy to Permissions Policy (D8/D9)
Needs review
Code
Created over 4 years ago

Add support for the Cross-Origin-Opener-Policy (COOP) header
Active
Code
Created 28 days ago

Implement the script-src-attr policy
Needs review
Code
Created over 3 years ago

Support for configuring script-src-elem
Active
Code
Created 5 months ago

Need to exclude admin path from applying the policies
Active
Code
Created over 1 year ago

Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created about 4 years ago

CSS fails, if default-src "self" configured
Active
Code
Created 3 months ago

Offering to maintain Security Kit
Active
Miscellaneous
Created over 2 years ago

Extend length of src fields
Needs review
Code
Created over 4 years ago

Add support for form-action directive
Needs work
Code
Created 4 months ago

Add support for form-action directive
Closed: duplicate
Code
Created 4 months ago

default-src has wrong description
Needs work
Documentation
Created over 4 years ago

Avoid using document.write('<!--');
Needs work
Code
Created over 4 years ago

How to add all google tlds for CSP
Active
User interface
Created about 3 years ago

CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created over 4 years ago

Google URL's are blocked.
Active
Miscellaneous
Created over 1 year ago

Permissions Policy Support
RTBC
Miscellaneous
Created over 4 years ago

Change Feature Policy to Permissions Policy
Closed: won't fix
Code
Created almost 5 years ago

Seckit doesn´t work for Images, CSS, JS
Active
Code
Created 7 months ago

Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created over 1 year ago

/report-csp-violation throwing an error
Active
Miscellaneous
Created 8 months ago

Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created almost 4 years ago

"Directive style-src-elem violated."
Active
Code
Created almost 5 years ago

Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created over 4 years ago

Add worker-src
Needs review
Code
Created about 3 years ago

Dispatch an event when there is a CSP violation
Active
Code
Created 9 months ago

Add worker-src
Active
Code
Created over 1 year ago

Add form-action directive
Needs review
Code
Created about 4 years ago

Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created almost 2 years ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 11 months ago

Missing container invalidation update from issue modifying services
Active
Code
Created 12 months ago

The base-uri policy is missing
Needs review
Code
Created over 5 years ago

Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created over 1 year ago

SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created 11 months ago

Provide hook_seckit_options_alter() D8
Needs review
Code
Created over 8 years ago

Set 2.x as default branch
Fixed
Code
Created 12 months ago

Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created 11 months ago

Update logo for compatibility with Project Browser
Active
Miscellaneous
Created 11 months ago

Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created about 6 years ago

php error
Closed: duplicate
Code
Created 11 months ago

Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created 11 months ago

Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created 11 months ago

D11 release for seckit
Fixed
Code
Created 12 months ago

Coding Standard Issues
Fixed
Code
Created 11 months ago

Add testing of report-csp-violation
Fixed
Code
Created 12 months ago

Silent mode for CSP reporting
Active
Code
Created over 3 years ago

Update CSP directives
Needs review
Code
Created almost 8 years ago

Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created almost 2 years ago

Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created about 1 year ago

Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created over 1 year ago

Fix validate pipeline
Fixed
Code
Created about 1 year ago

Add Gitlab CI
Fixed
Code
Created over 1 year ago

No values in X-XSS-Protection Header select box
Fixed
User interface
Created about 7 years ago

Drupal 9.1 Deprecated Code Report
RTBC
Code
Created over 4 years ago

Question about HSTS max-age
Active
Miscellaneous
Created over 1 year ago

Text fields not big enough
Fixed
Code
Created over 2 years ago

Add phpcs and drupal-check fixes
Needs review
Code
Created over 3 years ago

Store each CSP rule on a seperate line in config
Active
Code
Created over 1 year ago

Support flood control for CSP violation reports
Needs work
Code
Created over 9 years ago

t() calls should be avoided in classes.
Needs review
Code
Created over 1 year ago

\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created over 1 year ago

Add LICENSE.txt file
Closed: works as designed
Code
Created over 1 year ago

Backdrop CMS Port?
Fixed
Miscellaneous
Created over 3 years ago

Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created over 2 years ago

Fix D7 Forms API syntax
RTBC
Code
Created about 2 years ago

Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created about 4 years ago

Lottie files / base64 encoding
Active
Miscellaneous
Created over 2 years ago

Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created almost 2 years ago

Add a reference to csp_log in documentation
Active
Documentation
Created over 1 year ago

How to set httpOnly flag on cookies?
Needs review
Documentation
Created almost 2 years ago

Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created almost 2 years ago

Replace README.txt with README.md
Fixed
Documentation
Created almost 3 years ago