The latest patch did not apply. It also contained unrelated comments and was missing required code, but this has been fixed in the latest release.
Patch from #31 works when aggregation of css is disabled on the performance settings page. But not when enabled.
Tested patch from #18 with 2.0.0-beta6.
With the old display format, viewsreference,
the views are displayed for both logged-in and anonymous users.
If I switch to the new display format, viewsreference (lazy builder),
the views are displayed for anonymous users but not for logged-in users.
Not sure if this is good or bad news :) But it looks like the patch works for existing sites using the old display format.
Also having the same problem with nothing rendered when logged in and BigPipe enabled.
Patch from #16 adds a new lazy builder option to display the views. Tested with both display options. Nothing is rendered except the big-pipe-placeholder.
Patch 3098417-26.patch is partly rejected against the current stable release, 2.0.1. It looks like the rejected code is in /tests/src/Functional/SecKitTestCaseTest.php
Do we have a working patch for 2.0.1?
Rejected code
--- tests/src/Functional/SecKitTestCaseTest.php
+++ tests/src/Functional/SecKitTestCaseTest.php
@@ -97,11 +97,12 @@ class SecKitTestCaseTest extends BrowserTestBase {
'seckit_xss[csp][child-src]' => '*',
'seckit_xss[csp][font-src]' => '*',
'seckit_xss[csp][connect-src]' => '*',
+ 'seckit_xss[csp][base-uri]' => '*',
'seckit_xss[csp][report-uri]' => $this->reportPath,
'seckit_xss[csp][upgrade-req]' => TRUE,
];
$this->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
- $expected = 'default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; report-uri ' . base_path() . $this->reportPath . '; upgrade-insecure-requests';
+ $expected = "default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; base-uri *; report-uri " . base_path() . $this->reportPath . '; upgrade-insecure-requests';
$this->assertSession()->responseHeaderEquals('Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-WebKit-CSP', $expected);
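Review bot: The rewritten `$expected` line opens its first literal with double quotes while the closing segment `'; upgrade-insecure-requests'` stays single-quoted, so one expression now mixes both styles. Nothing in that first segment is interpolated or contains a single quote, so it can stay as it was with only the directive added: `'…; connect-src *; base-uri *; report-uri '`. The same applies to the `$expected` lines in the hunks at -126, -155 and -184. The test method starts and ends outside the hunk.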
@@ -126,11 +127,12 @@ class SecKitTestCaseTest extends BrowserTestBase {
'seckit_xss[csp][child-src]' => '*',
'seckit_xss[csp][font-src]' => '*',
'seckit_xss[csp][connect-src]' => '*',
+ 'seckit_xss[csp][base-uri]' => '*',
'seckit_xss[csp][report-uri]' => $this->reportPath,
'seckit_xss[csp][upgrade-req]' => TRUE,
];
$this->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
- $expected = 'default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; report-uri ' . base_path() . $this->reportPath . '; upgrade-insecure-requests';
+ $expected = "default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; base-uri *; report-uri " . base_path() . $this->reportPath . '; upgrade-insecure-requests';
$this->assertSession()->responseHeaderEquals('Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-Content-Security-Policy', NULL);
$this->assertSession()->responseHeaderEquals('X-WebKit-CSP', NULL);
@@ -155,11 +157,12 @@ class SecKitTestCaseTest extends BrowserTestBase {
'seckit_xss[csp][child-src]' => '*',
'seckit_xss[csp][font-src]' => '*',
'seckit_xss[csp][connect-src]' => '*',
+ 'seckit_xss[csp][base-uri]' => '*',
'seckit_xss[csp][report-uri]' => $this->reportPath,
'seckit_xss[csp][upgrade-req]' => TRUE,
];
$this->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
- $expected = 'default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; report-uri ' . base_path() . $this->reportPath . '; upgrade-insecure-requests';
+ $expected = "default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; base-uri *; report-uri " . base_path() . $this->reportPath . '; upgrade-insecure-requests';
$this->assertSession()->responseHeaderEquals('Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-WebKit-CSP', NULL);
@@ -184,11 +187,12 @@ class SecKitTestCaseTest extends BrowserTestBase {
'seckit_xss[csp][child-src]' => '*',
'seckit_xss[csp][font-src]' => '*',
'seckit_xss[csp][connect-src]' => '*',
+ 'seckit_xss[csp][base-uri]' => '*',
'seckit_xss[csp][report-uri]' => $this->reportPath,
'seckit_xss[csp][upgrade-req]' => TRUE,
];
$this->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
- $expected = 'default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; report-uri ' . base_path() . $this->reportPath . '; upgrade-insecure-requests';
+ $expected = "default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src *; base-uri *; report-uri " . base_path() . $this->reportPath . '; upgrade-insecure-requests';
$this->assertSession()->responseHeaderEquals('Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-Content-Security-Policy', NULL);
$this->assertSession()->responseHeaderEquals('X-WebKit-CSP', $expected);
@@ -247,12 +252,13 @@ class SecKitTestCaseTest extends BrowserTestBase {
'seckit_xss[csp][child-src]' => '',
'seckit_xss[csp][font-src]' => '',
'seckit_xss[csp][connect-src]' => '',
+ 'seckit_xss[csp][base-uri]' => "'self'",
'seckit_xss[csp][report-uri]' => $this->reportPath,
'seckit_xss[csp][upgrade-req]' => FALSE,
'seckit_xss[csp][policy-uri]' => '',
];
$this->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
- $expected = "default-src self; report-uri " . base_path() . $this->reportPath;
+ $expected = "default-src self; base-uri 'self'; report-uri " . base_path() . $this->reportPath;
$this->assertSession()->responseHeaderEquals('Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-WebKit-CSP', $expected);
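Review bot: Every case in the visible hunks posts a non-empty `base-uri`, so nothing pins what the header looks like when the field is left blank. This hunk already posts empty strings for `child-src`, `font-src` and `connect-src` and expects them to be dropped. A sibling case with `'seckit_xss[csp][base-uri]' => ''` and, presumably, `$expected = "default-src self; report-uri " . base_path() . $this->reportPath;` would cover the new directive the same way. It is worth having because `base-uri` does not fall back to `default-src`, so an omitted directive leaves `<base>` unrestricted. The test method starts and ends outside the hunk.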
@@ -320,15 +326,16 @@ class SecKitTestCaseTest extends BrowserTestBase {
$form['seckit_xss[csp][vendor-prefix][x]'] = TRUE;
$form['seckit_xss[csp][vendor-prefix][webkit]'] = TRUE;
$form['seckit_xss[csp][default-src]'] = 'self';
+ $form['seckit_xss[csp][base-uri]'] = "'self'";
$form['seckit_xss[csp][report-uri]'] = $report_uri['uri'];
$this->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
if ($report_uri['valid']) {
$base_path = ($report_uri['absolute']) ? '' : base_path();
- $expected = 'default-src self; report-uri ' . $base_path . $report_uri['uri'];
+ $expected = "default-src self; base-uri 'self'; report-uri " . $base_path . $report_uri['uri'];
if (!$report_uri['absolute'] && strpos($report_uri['uri'], '/') === 0) {
// In this case, check that the leading slash on the relative path
// was not mistakenly turned into two leading slashes.
- $expected = 'default-src self; report-uri ' . $base_path . ltrim($report_uri['uri'], '/');
+ $expected = "default-src self; base-uri 'self'; report-uri " . $base_path . ltrim($report_uri['uri'], '/');
}
$this->assertSession()->responseHeaderEquals('Content-Security-Policy', $expected);
$this->assertSession()->responseHeaderEquals('X-Content-Security-Policy', $expected);
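Review bot: The added `base-uri` form value is the quoted keyword `"'self'"`, while `default-src` one line above is the bare string `'self'`, and both expected headers now read `default-src self; base-uri 'self'`. In CSP only the quoted form is the keyword; a bare `self` is parsed as a host name, so the two directives do not mean the same thing. If the mix is deliberate (the test appears to check that values are passed through verbatim), a comment on the new line would make that clear, for example `// Quoted keyword; an unquoted self is treated by CSP as a host name.` The hunk at -247 has the same pairing. The enclosing test method starts outside the hunk.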