Actions
Bug #25715
closedAvoid Content-Security-Policy-Report-Only headers in dev mode
Status:
Released
Priority:
5 (lowest)
Assignee:
Category:
Architecture - Code maintenance
Target version:
Pull Request:
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
The Lift server has an option to add Content-Security-Policy-Report-Only header which makes the browser believe all scripts can be executed in a development environment (in IntelliJ without using a deployed war), but it is very misleading because things will still work even if they don't in production.
Updated by Clark ANDRIANASOLO about 2 months ago
- Related to Bug #25712: CSP violations from status tab in utilities pages added
Updated by Clark ANDRIANASOLO about 2 months ago
- Status changed from New to In progress
Updated by Clark ANDRIANASOLO about 2 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/5958
Updated by Clark ANDRIANASOLO about 1 month ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|ada8d1a2f57674dc34c249b3e1af1eddd64ee850.
Updated by Clark ANDRIANASOLO about 1 month ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ about 1 month ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.1.8 and 8.2.1 which were released today.
Actions