User story #26951: Plugins need CSP to be strict in Rudder but disabled in plugin pages - Rudder - Issue Tracker

Actions

Copy link

User story #26951

open

User story #26934: Enable CSP on all pages and add tag to exclude a page

Plugins need CSP to be strict in Rudder but disabled in plugin pages

Added by Clark ANDRIANASOLO 5 days ago. Updated 5 days ago.

Status:

Pending technical review

Priority:

N/A

Assignee:

Clark ANDRIANASOLO

Category:

Web - Maintenance

Target version:

9.0.0~alpha1

Pull Request:

https://github.com/Normation/rudder-p...

UX impact:

Suggestion strength:

User visibility:

First impressions of Rudder

Effort required:

Small

Name check:

To do

Fix check:

To do

Regression:

Description

In parent, strict CSP headers are enabled on all pages and need to be present for scripts added by some plugins, e.g. to display something from the plugin the login page, or in the navbar.

But the plugins pages themselves have additional pages, which can be later migrated to include CSP headers

Actions

Copy link

Updated by Clark ANDRIANASOLO 5 days ago

Status changed from New to In progress

Actions

Copy link

Updated by Clark ANDRIANASOLO 5 days ago

Status changed from In progress to Pending technical review
Pull Request set to https://github.com/Normation/rudder-plugins/pull/837

PR https://github.com/Normation/rudder-plugins/pull/837

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

User story #26951

Plugins need CSP to be strict in Rudder but disabled in plugin pages

Updated by Clark ANDRIANASOLO 5 days ago

Updated by Clark ANDRIANASOLO 5 days ago