Bug #25032

closed

Use Content-Security-Policy strict headers in utilities pages

Added by Clark ANDRIANASOLO almost 2 years ago. Updated over 1 year ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility: Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required: Small
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

We have added the necessary boilerplate in #24015 to include HTML pages to be loaded with strict CSP headers, and applied it to the healthcheck page.

We now need to include these headers in other Utilities pages within Rudder: archives, event logs.


Related issues: 4 (0 open, 4 closed)

  • Related to Rudder - Bug #24015: Use Content-Security-Policy strict headers (Released, Clark ANDRIANASOLO)
  • Related to Rudder - Bug #25352: Event log rollback action is prevented from CSP headers (Released, Raphael GAUTHIER)
  • Related to Rudder - Bug #25712: CSP violations from status tab in utilities pages (Released, François ARMAND)
  • Related to Rudder - User story #26934: Enable CSP on all pages and add tag to exclude a page (Released, François ARMAND)

Updated by Clark ANDRIANASOLO almost 2 years ago #1

  • Description updated (diff)

Updated by Clark ANDRIANASOLO almost 2 years ago #2

  • Related to Bug #24015: Use Content-Security-Policy strict headers added

Updated by Clark ANDRIANASOLO almost 2 years ago #3

  • Status changed from New to In progress

Updated by Clark ANDRIANASOLO almost 2 years ago #4

  • Subject changed from Use Content-Security-Policy strict headers in web pages to Use Content-Security-Policy strict headers in utilities pages
  • Description updated (diff)

Updated by Clark ANDRIANASOLO almost 2 years ago #5

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/5764

Updated by Clark ANDRIANASOLO almost 2 years ago #6

  • Status changed from Pending technical review to Pending release

Updated by Alexis Mousset over 1 year ago #7

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.2.0~alpha1 which was released today.

Updated by Clark ANDRIANASOLO over 1 year ago #8

  • Related to Bug #25352: Event log rollback action is prevented from CSP headers added

Updated by Clark ANDRIANASOLO over 1 year ago #9

  • Related to Bug #25712: CSP violations from status tab in utilities pages added

Updated by Clark ANDRIANASOLO 11 months ago #10

  • Related to User story #26934: Enable CSP on all pages and add tag to exclude a page added