Project

General

Profile

Actions

Bug #25715

closed

Avoid Content-Security-Policy-Report-Only headers in dev mode

Added by Clark ANDRIANASOLO about 2 months ago. Updated about 1 month ago.

Status:
Released
Priority:
5 (lowest)
Category:
Architecture - Code maintenance
Target version:
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

The Lift server has an option to add Content-Security-Policy-Report-Only header which makes the browser believe all scripts can be executed in a development environment (in IntelliJ without using a deployed war), but it is very misleading because things will still work even if they don't in production.


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #25712: CSP violations from status tab in utilities pagesReleasedFrançois ARMANDActions
Actions #1

Updated by Clark ANDRIANASOLO about 2 months ago

  • Related to Bug #25712: CSP violations from status tab in utilities pages added
Actions #2

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from New to In progress
Actions #3

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder/pull/5958
Actions #4

Updated by Clark ANDRIANASOLO about 1 month ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Clark ANDRIANASOLO about 1 month ago

  • Fix check changed from To do to Checked
Actions #6

Updated by Vincent MEMBRÉ about 1 month ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.1.8 and 8.2.1 which were released today.

Actions

Also available in: Atom PDF