[4.0] Add the Report-To header to the http header config and allow to set the script-dynamic header #28724
Co-Authored-By: Quy <quy@fluxbb.org>
Thanks @Quy |
Co-Authored-By: Quy <quy@fluxbb.org>
thanks @Quy Co-Authored-By: Quy <quy@fluxbb.org>
Thanks merged @Quy |
…cms into reporttoandscriptdynamic
Please fix conflicts. |
Done @Quy |
Co-authored-by: Quy <quy@fluxbb.org>
At this point @zero-24 can help better than I do. |
Content-Security-Policy(-Report-Only) Can you please post the settings you made? |
@Bodge-IT In your screenshot of the headers I see: "report-to: csp-endpoint". That's one of the headers added by this PR, so success for this point. For the second point, the strict-dynamic option, your screenshot with the com_csp options shows that this option is there. So success also for this point. @zero-24 Am I right? Or am I missing something? |
…cms into reporttoandscriptdynamic
Ok, found the issue. Please re-apply this PR (revert and then apply again via patchtester) or manually apply these changes here: 304c468 |
Will reset @opn365 test and request new additional test. Thanks for your support... |
Thanks 👍 |
Do we need to get tests reset? @zero-24, can you tweak test instructions to advise what we're looking for in headers? |
@Bodge-IT No need for reset, that happens automatically on GitHub with a new commit. In the tracker you might not see that. But it's here on GitHub which counts. @opn365 Could you re-apply this PR (revert, then fetch the patches again and then apply again via patchtester if using patchtester, or pull the latest changes when using a git client) and then repeat your test? There have been changes made in this PR. Thanks in advance, and thanks for the previous test. |
Done thanks |
I have tested this item ✅ successfully on 80d1e1b This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28724. |
I have tested this item ✅ successfully on 80d1e1b This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28724. |
Pulled in Phil to get this done... |
Seems he did not have time and has sent his cat instead ;-) |
RTC This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28724. |
Summary of Changes
Add the Report-To (#2) header to the http header config and allow to set the script-dynamic header
Testing Instructions
force header
option.
Expected result
Actual result
Documentation Changes Required
The script-dynamic option needs to be added to the doc pages; the Report-To has been added already.
https://docs.joomla.org/index.php?title=Help4.x:Components_CSP_Reports_Options
https://docs.joomla.org/J4.x:Http_Header_Management