Project

General

Profile

Actions
Copy link

User story #26951

open

User story #26934: Enable CSP on all pages and add tag to exclude a page

Plugins need CSP to be strict in Rudder but disabled in plugin pages

Added by Clark ANDRIANASOLO about 2 months ago. Updated about 1 month ago.

Status:
Pending release
Priority:
N/A
Assignee:
Clark ANDRIANASOLO
Category:
Web - Maintenance
Target version:
9.0.0~alpha1
Pull Request:
https://github.com/Normation/rudder-p...
UX impact:
Suggestion strength:
User visibility:
First impressions of Rudder
Effort required:
Small
Name check:
To do
Fix check:
To do
Regression:
No

Description

In parent, strict CSP headers are enabled on all pages and need to be present for scripts added by some plugins, e.g. to display something from the plugin the login page, or in the navbar.

But the plugins pages themselves have additional pages, which can be later migrated to include CSP headers

Actions
Copy link
 #1

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from New to In progress
Actions
Copy link
 #2

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from In progress to Pending technical review
  • Pull Request set to https://github.com/Normation/rudder-plugins/pull/837
Actions
Copy link
 #3

Updated by Clark ANDRIANASOLO about 1 month ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link

Also available in: Atom PDF