Setup Content Security Policy header based on new handler #300

dvesh3 · 2022-03-14T13:19:35Z

Feature description

Also add configuration to whitelist urls:

# config/config.yaml
pimcore_admin:
    admin_csp_header:
        additional_urls:
            script_src:
                - 'http://unpkg.com/axios/dist/'
                - 'http://unpkg.com/react/umd/'
                - 'http://unpkg.com/react-dom/umd/'
            style-src:
                - 'https://cdn.jsdelivr.net/npm/'

aryaantony92 · 2022-03-21T17:06:07Z

The urls "//unpkg.com/axios/dist/", "//unpkg.com/react/umd/" and "//unpkg.com/react-dom/umd/" should be white listed inside the core bundle. And the "cdn.jsdelivr.net/npm/" is already whitelisted in the admin side.

fashxp · 2022-03-28T12:24:55Z

TODO:

create PR that enables the config
bump minimum requirement for pimcore to ^10.4

dvesh3 added the Task label Mar 14, 2022

dvesh3 assigned aryaantony92 Mar 14, 2022

aryaantony92 closed this as completed Mar 22, 2022

fashxp reopened this Mar 28, 2022

dvesh3 referenced this issue in pimcore/pimcore Mar 29, 2022

Merge remote-tracking branch 'origin/10.3' into 10.x

2c68f57

aryaantony92 mentioned this issue Mar 29, 2022

Set up new Content Security Handler Resolves#300 #303

Merged

dvesh3 closed this as completed in #303 Apr 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Setup Content Security Policy header based on new handler #300

Setup Content Security Policy header based on new handler #300

dvesh3 commented Mar 14, 2022 •

edited

aryaantony92 commented Mar 21, 2022

fashxp commented Mar 28, 2022 •

edited

Setup Content Security Policy header based on new handler #300

Setup Content Security Policy header based on new handler #300

Comments

dvesh3 commented Mar 14, 2022 • edited

Feature description

aryaantony92 commented Mar 21, 2022

fashxp commented Mar 28, 2022 • edited

dvesh3 commented Mar 14, 2022 •

edited

fashxp commented Mar 28, 2022 •

edited