#Content Security Policy

Open on Drupal.org →

⚡️ Live updates comments, jobs, and issues, tagged with #Content Security Policy will update issues and activities on this page.

Issues

📌
Require array argument for AddCssCommand
Postponed
Drupal core 11.0 — ajax system
Created over 2 years ago
🇫🇷France andypost
29 days ago
📌
Sanitize OR add Content-Security-Policy for SVGs
Active
Drupal core 11.0 — image.module
Created about 8 years ago
🇬🇧United Kingdom alexpott
5 months ago
📌
[D7] Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future
Needs review
Drupal core 7.0 — javascript
Created over 8 years ago
🇬🇧United Kingdom catch
5 months ago
✨
Implement a "semi automatic" Nonce settings
Needs review
Security Kit 2.0
Created over 3 years ago
🇧🇷Brazil barone
5 months ago
🐛
Demonstration link leads to a unsafe porn site
Active
Porto Theme 1.5
Created 5 months ago
igujl
5 months ago
📌
Add a default Content-Security-Policy and clickjacking defence to core
Needs review
Drupal core 11.0 — base system
Created almost 10 years ago
🇺🇸United States pwolanin
6 months ago
📌
[12.x] Set default Content-Security-Policy in services.yml
Postponed
Drupal core 11.0 — base system
Created 8 months ago
🇨🇦Canada gapple
8 months ago
🐛
Script violates Content Security Policy rules.
Fixed
Editoria11y Accessibility Checker 2.1
Created about 1 year ago
🇺🇸United States aaronpinero
about 1 year ago
📌
Improve Drupal\Core\Ajax\AddCssCommand to accept an array of CSS assets
Fixed
Drupal core 10.1 — ajax system
Created over 5 years ago
🇨🇦Canada gapple
over 1 year ago
🐛
[upstream] Modernizr prevents strict CSP
Closed: duplicate
Drupal core 10.1 — javascript
Created over 8 years ago
🇳🇱Netherlands heine
over 2 years ago

Activities

No activities found.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

#Content Security Policy

Issues

Require array argument for AddCssCommandPostponedDrupal core 11.0 — ajax system Created over 2 years ago

Sanitize OR add Content-Security-Policy for SVGsActiveDrupal core 11.0 — image.module Created about 8 years ago

[D7] Convert drupalSettings from JavaScript to JSON, to allow for CSP in the futureNeeds reviewDrupal core 7.0 — javascript Created over 8 years ago

Implement a "semi automatic" Nonce settingsNeeds reviewSecurity Kit 2.0 Created over 3 years ago

Demonstration link leads to a unsafe porn siteActivePorto Theme 1.5 Created 5 months ago

Add a default Content-Security-Policy and clickjacking defence to coreNeeds reviewDrupal core 11.0 — base system Created almost 10 years ago

[12.x] Set default Content-Security-Policy in services.ymlPostponedDrupal core 11.0 — base system Created 8 months ago

Script violates Content Security Policy rules.FixedEditoria11y Accessibility Checker 2.1 Created about 1 year ago

Improve Drupal\Core\Ajax\AddCssCommand to accept an array of CSS assets FixedDrupal core 10.1 — ajax system Created over 5 years ago

[upstream] Modernizr prevents strict CSPClosed: duplicateDrupal core 10.1 — javascript Created over 8 years ago

Activities

Require array argument for AddCssCommand
Postponed
Drupal core 11.0 — ajax system
Created over 2 years ago

Sanitize OR add Content-Security-Policy for SVGs
Active
Drupal core 11.0 — image.module
Created about 8 years ago

[D7] Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future
Needs review
Drupal core 7.0 — javascript
Created over 8 years ago

Implement a "semi automatic" Nonce settings
Needs review
Security Kit 2.0
Created over 3 years ago

Demonstration link leads to a unsafe porn site
Active
Porto Theme 1.5
Created 5 months ago

Add a default Content-Security-Policy and clickjacking defence to core
Needs review
Drupal core 11.0 — base system
Created almost 10 years ago

[12.x] Set default Content-Security-Policy in services.yml
Postponed
Drupal core 11.0 — base system
Created 8 months ago

Script violates Content Security Policy rules.
Fixed
Editoria11y Accessibility Checker 2.1
Created about 1 year ago

Improve Drupal\Core\Ajax\AddCssCommand to accept an array of CSS assets
Fixed
Drupal core 10.1 — ajax system
Created over 5 years ago

[upstream] Modernizr prevents strict CSP
Closed: duplicate
Drupal core 10.1 — javascript
Created over 8 years ago