#Content Security Policy

Open on Drupal.org →

⚡️ Live updates comments, jobs, and issues, tagged with #Content Security Policy will update issues and activities on this page.

Issues

📌
Sanitize OR add Content-Security-Policy for SVGs
Active
Drupal core 11.0 — image.module
Created over 8 years ago
🇬🇧United Kingdom alexpott
2 months ago
📌
Require array argument for AddCssCommand
Postponed
Drupal core 11.0 — ajax system
Created over 2 years ago
🇫🇷France andypost
4 months ago
📌
Add a default CSP and clickjacking defence and minimal API for CSP to core
Active
Drupal core 10.1 — base system
Created over 10 years ago
🇺🇸United States pwolanin
4 months ago
💬
Security coverage inconsistency: Stable contributed modules with known vulnerabilities
Active
Drupal.org security advisory coverage applications
Created 5 months ago
🇮🇹Italy bigbabert
5 months ago
📌
[D7] Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future
Needs review
Drupal core 7.0 — javascript
Created about 9 years ago
🇬🇧United Kingdom catch
10 months ago
✨
Implement a "semi automatic" Nonce settings
Needs review
Security Kit 2.0
Created almost 4 years ago
🇧🇷Brazil barone
11 months ago
🐛
Demonstration link leads to a unsafe porn site
Active
Porto Theme 1.5
Created 11 months ago
igujl
11 months ago
📌
[12.x] Set default Content-Security-Policy in services.yml
Postponed
Drupal core 11.0 — base system
Created about 1 year ago
🇨🇦Canada gapple
about 1 year ago
🐛
Script violates Content Security Policy rules.
Fixed
Editoria11y Accessibility Checker 2.1
Created over 1 year ago
🇺🇸United States aaronpinero
over 1 year ago
📌
Improve Drupal\Core\Ajax\AddCssCommand to accept an array of CSS assets
Fixed
Drupal core 10.1 — ajax system
Created over 5 years ago
🇨🇦Canada gapple
almost 2 years ago
🐛
[upstream] Modernizr prevents strict CSP
Closed: duplicate
Drupal core 10.1 — javascript
Created over 8 years ago
🇳🇱Netherlands heine
over 2 years ago

Activities

No activities found.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

#Content Security Policy

Issues

Sanitize OR add Content-Security-Policy for SVGsActiveDrupal core 11.0 — image.module Created over 8 years ago

Require array argument for AddCssCommandPostponedDrupal core 11.0 — ajax system Created over 2 years ago

Add a default CSP and clickjacking defence and minimal API for CSP to coreActiveDrupal core 10.1 — base system Created over 10 years ago

Security coverage inconsistency: Stable contributed modules with known vulnerabilitiesActiveDrupal.org security advisory coverage applications Created 5 months ago

[D7] Convert drupalSettings from JavaScript to JSON, to allow for CSP in the futureNeeds reviewDrupal core 7.0 — javascript Created about 9 years ago

Implement a "semi automatic" Nonce settingsNeeds reviewSecurity Kit 2.0 Created almost 4 years ago

Demonstration link leads to a unsafe porn siteActivePorto Theme 1.5 Created 11 months ago

[12.x] Set default Content-Security-Policy in services.ymlPostponedDrupal core 11.0 — base system Created about 1 year ago

Script violates Content Security Policy rules.FixedEditoria11y Accessibility Checker 2.1 Created over 1 year ago

Improve Drupal\Core\Ajax\AddCssCommand to accept an array of CSS assets FixedDrupal core 10.1 — ajax system Created over 5 years ago

[upstream] Modernizr prevents strict CSPClosed: duplicateDrupal core 10.1 — javascript Created over 8 years ago

Activities

Sanitize OR add Content-Security-Policy for SVGs
Active
Drupal core 11.0 — image.module
Created over 8 years ago

Require array argument for AddCssCommand
Postponed
Drupal core 11.0 — ajax system
Created over 2 years ago

Add a default CSP and clickjacking defence and minimal API for CSP to core
Active
Drupal core 10.1 — base system
Created over 10 years ago

Security coverage inconsistency: Stable contributed modules with known vulnerabilities
Active
Drupal.org security advisory coverage applications
Created 5 months ago

[D7] Convert drupalSettings from JavaScript to JSON, to allow for CSP in the future
Needs review
Drupal core 7.0 — javascript
Created about 9 years ago

Implement a "semi automatic" Nonce settings
Needs review
Security Kit 2.0
Created almost 4 years ago

Demonstration link leads to a unsafe porn site
Active
Porto Theme 1.5
Created 11 months ago

[12.x] Set default Content-Security-Policy in services.yml
Postponed
Drupal core 11.0 — base system
Created about 1 year ago

Script violates Content Security Policy rules.
Fixed
Editoria11y Accessibility Checker 2.1
Created over 1 year ago

Improve Drupal\Core\Ajax\AddCssCommand to accept an array of CSS assets
Fixed
Drupal core 10.1 — ajax system
Created over 5 years ago

[upstream] Modernizr prevents strict CSP
Closed: duplicate
Drupal core 10.1 — javascript
Created over 8 years ago