User story #26934

closed

Enable CSP on all pages and add tag to exclude a page

Added by Clark ANDRIANASOLO 2 months ago. Updated 6 days ago.

Status: Released
Priority: N/A
Category: Security
Target version:
UX impact: It bothers me each time
Suggestion strength: Want - This would make my life a lot easier but I can manage without
User visibility: First impressions of Rudder
Effort required: Medium
Name check: To do
Fix check: To do
Regression: No

Description

We want CSP headers in all pages, so the current directive to add CSP headers to a page in #25032 should be replaced by directives to ignore some pages, and CSP should be enabled on all pages by default.


Subtasks 3 (0 open, 3 closed)

  • User story #26951: Plugins need CSP to be strict in Rudder but disabled in plugin pages (Released, Clark ANDRIANASOLO)
  • Rudder plugins - User story #27002: Private plugins should have work with strict CSP headers (Released, Clark ANDRIANASOLO)
  • User story #27119: CSP headers for pages without scripts are always set with static nonce (Released, François ARMAND)

Related issues 2 (0 open, 2 closed)

  • Related to Rudder - Bug #25032: Use Content-Security-Policy strict headers in utilities pages (Released, François ARMAND)
  • Related to API authorizations - Bug #27314: CSP violation in api accounts custom ACL selection (Released, Véronique HAYAERT)

#1

Updated by Clark ANDRIANASOLO 2 months ago

  • Related to Bug #25032: Use Content-Security-Policy strict headers in utilities pages added

#2

Updated by Clark ANDRIANASOLO 2 months ago

  • Status changed from New to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/

#3

Updated by Clark ANDRIANASOLO 2 months ago

  • Pull Request changed from https://github.com/Normation/rudder/ to https://github.com/Normation/rudder/6394

#4

Updated by Clark ANDRIANASOLO 2 months ago

  • Pull Request changed from https://github.com/Normation/rudder/6394 to https://github.com/Normation/rudder/pull/6394

#5

Updated by Clark ANDRIANASOLO 2 months ago

  • Subtask #26951 added

#6

Updated by Clark ANDRIANASOLO 2 months ago

  • Subtask #27002 added

#7

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from Pending technical review to Pending release

#8

Updated by Clark ANDRIANASOLO about 1 month ago

  • Subtask #27119 added

#9

Updated by Clark ANDRIANASOLO 12 days ago

  • Related to Bug #27314: CSP violation in api accounts custom ACL selection added

#10

Updated by Alexis Mousset 6 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 9.0.0~alpha1 which was released today.
