Remove unsafe-eval from default CSP #1369

Merged
merged 2 commits into from Jun 8, 2021

Conversation

davidmehren
Member

Component/Part

Content-Security-Policy

Description

As our webpack config does not use eval anymore, after #1368 is merged, we can remove unsafe-eval from our CSP config.

Steps

  • Added implementation
  • I read the contribution documentation and
    made sure that:
    • My commits are signed-off to accept the DCO.
    • This PR targets the correct branch: master for 1.x & docs, develop for 2.x

Related Issue(s)

@davidmehren davidmehren added the "type: feature enhancement" and "scope: frontend" labels Jun 7, 2021
@davidmehren davidmehren added this to the Release 1.9 milestone Jun 7, 2021
@davidmehren davidmehren self-assigned this Jun 7, 2021
@davidmehren
Member Author

This is a draft, as #1368 must be merged first.

@davidmehren davidmehren force-pushed the feature/remove_script_loader branch 3 times, most recently from a122048 to bf3b45b Compare June 7, 2021 19:00
Base automatically changed from feature/remove_script_loader to master June 7, 2021 20:58
@davidmehren davidmehren marked this pull request as ready for review June 7, 2021 20:59
As script-loader was removed in the previous commits,
we can finally tighten up security.

Signed-off-by: David Mehren <git@herrmehren.de>
Signed-off-by: David Mehren <git@herrmehren.de>
@InnayTool InnayTool merged commit 1d082ae into master Jun 8, 2021
13 checks passed
@InnayTool InnayTool deleted the feature/remove_unsafe_eval branch June 8, 2021 20:16
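
To confirm that a deployed policy really stops allowing `eval` after a change like this one, the check below parses a CSP string and reports whether `'unsafe-eval'` is present in the directive that governs string compilation. It is an added example, not code from this pull request or the project; the function names and the sample policies are assumptions constructed for illustration.

```javascript
// Added example: audit a serialized Content-Security-Policy for 'unsafe-eval'.

// Parse a policy string into a Map of directive name -> source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A duplicate directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// String compilation (eval, new Function) is governed by script-src,
// falling back to default-src when script-src is absent.
function auditUnsafeEval(policy) {
  const directives = parseCsp(policy);
  const governing = ['script-src', 'default-src'].find((d) => directives.has(d));
  if (!governing) {
    // No governing directive means the policy places no restriction on eval.
    return { evalAllowed: true, governing: null };
  }
  const evalAllowed = directives
    .get(governing)
    .some((src) => src.toLowerCase() === "'unsafe-eval'");
  return { evalAllowed, governing };
}

// Constructed sample policies (assumptions, not the project's real defaults).
const SAMPLES = {
  before: "default-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-abc123'",
  after: "default-src 'none'; script-src 'self' 'nonce-abc123'",
  fallback: "default-src 'self' 'unsafe-eval'; img-src *",
  shadowed: "script-src 'self'; script-src 'unsafe-eval'",
};

for (const [label, policy] of Object.entries(SAMPLES)) {
  const { evalAllowed, governing } = auditUnsafeEval(policy);
  console.log(`${label}: eval ${evalAllowed ? 'ALLOWED' : 'blocked'} (via ${governing})`);
}
```

The `fallback` sample shows why checking only `script-src` is not enough: a policy with no `script-src` still permits `eval` if `default-src` carries the keyword.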