Actions
Bug #24062
closedImplementing CSP headers without duplicating Lift scripts
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
When we implemented CSP headers we found out that the Lift web framework appends scripts to the HTML response, and there is no convenient way to hook into the scripts and add nonce attributes to them. So we allowed duplicate scripts, one we added with a nonce and another one added by Lift, causing a CSP violation in the browser (healthcheck page only).
We should find a way to avoid the duplication.
Also we should fix all current violations on the healthcheck page :
Files
Updated by Clark ANDRIANASOLO 9 months ago
- Related to Bug #24016: Implement CSP strict headers with nonce and apply to healtcheck page added
Actions
#2
Updated by Clark ANDRIANASOLO 9 months ago
- File clipboard-202401231748-btx8j.png clipboard-202401231748-btx8j.png added
- File clipboard-202401231748-8wohf.png clipboard-202401231748-8wohf.png added
- Description updated (diff)
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO 9 months ago
- Related to Bug #24041: Fix default font size and menu toggle added
Updated by Clark ANDRIANASOLO 9 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/5342
Updated by Anonymous 9 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|ee0dbc1de5980b2a1e8d5cb2bdc860b249cdfd26.
Updated by Vincent MEMBRÉ 6 months ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.1.0~beta1 which was released today.
Actions