Project

General

Profile

Actions
Copy link

Bug #25715

open

Avoid Content-Security-Policy-Report-Only headers in dev mode

Added by Clark ANDRIANASOLO 6 days ago. Updated 6 days ago.

Status:
Pending technical review
Priority:
5 (lowest)
Assignee:
Alexis Mousset
Category:
Architecture - Code maintenance
Target version:
8.1.8
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Trivial - no functional impact | cosmetic
UX impact:
User visibility:
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

The Lift server has an option to add Content-Security-Policy-Report-Only header which makes the browser believe all scripts can be executed in a development environment (in IntelliJ without using a deployed war), but it is very misleading because things will still work even if they don't in production.

Related issues 1 (1 open0 closed)

Related to Rudder - Bug #25712: CSP violations from status tab in utilities pagesPending technical reviewFrançois ARMANDActions
Actions
Copy link

Also available in: Atom PDF