Bug #24016
Bug #24015 (closed): Use Content-Security-Policy strict headers
Implement CSP strict headers with nonce and apply to healthcheck page
Pull Request:
Severity:
UX impact:
User visibility:
Effort required: Small
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
We need a setup of the main webapp page to be able to render it with strict CSP headers, and as a preamble we migrate the HTML page for healthcheck to use those headers (it specifically has scripts for initializing the Healthcheck Elm app).
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/5315
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|bcf4a71958c05a857327ff85acd3460fe4a56f1d.
Updated by Clark ANDRIANASOLO 9 months ago
- Related to Bug #24062: Implementing CSP headers without duplicating Lift scripts added
Updated by Clark ANDRIANASOLO 9 months ago
- Related to Bug #24101: CSP headers are duplicated and missing report-uri added
Updated by Vincent MEMBRÉ 6 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.1.0~alpha1 which was released today.