Actions
Bug #25715
openAvoid Content-Security-Policy-Report-Only headers in dev mode
Status:
Pending technical review
Priority:
5 (lowest)
Assignee:
Category:
Architecture - Code maintenance
Target version:
Pull Request:
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
The Lift server has an option to add Content-Security-Policy-Report-Only header which makes the browser believe all scripts can be executed in a development environment (in IntelliJ without using a deployed war), but it is very misleading because things will still work even if they don't in production.
Updated by Clark ANDRIANASOLO 6 days ago
- Related to Bug #25712: CSP violations from status tab in utilities pages added
Updated by Clark ANDRIANASOLO 6 days ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/5958
Actions