Project

General

Profile

Actions
Copy link

User story #26934

open

Enable CSP on all pages and add tag to exclude a page

Added by Clark ANDRIANASOLO 30 days ago. Updated about 20 hours ago.

Status:
Pending release
Priority:
N/A
Assignee:
François ARMAND
Category:
Security
Target version:
9.0.0~alpha1
Pull Request:
https://github.com/Normation/rudder/p...
UX impact:
It bothers me each time
Suggestion strength:
Want - This would make my life a lot easier but I can manage without
User visibility:
First impressions of Rudder
Effort required:
Medium
Name check:
To do
Fix check:
To do
Regression:
No

Description

We want CSP headers in all pages so the current directive to add CSP headers to a page in #25032 should be replaced by directives to ignore some pages, and CSP should be enabled on all pages by default

Subtasks 3 (3 open0 closed)

User story #26951: Plugins need CSP to be strict in Rudder but disabled in plugin pagesPending releaseClark ANDRIANASOLOActions
Rudder plugins - User story #27002: Private plugins should have work with strict CSP headersPending releaseClark ANDRIANASOLOActions
User story #27119: CSP headers for pages without scripts are always set with static nonceNewClark ANDRIANASOLOActions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #25032: Use Content-Security-Policy strict headers in utilities pagesReleasedFrançois ARMANDActions
Actions
Copy link

Also available in: Atom PDF