Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #7879 Content-Security-Policy header blocks all Javascript code from external websites
    Actions
    Infos
    #7879
    Thomas Gerbet (tgerbet)
    2015-03-04 16:22
    2015-02-18 11:38
    7886
    Details
    Content-Security-Policy header blocks all Javascript code from external websites
    It is not possible to allow the loading of some Javascript from an external website with the current Content-Security-Policy header. This is annoying because we can't load Google Analytics script for example.

    Reference : http://www.w3.org/TR/CSP2/#directive-script-src
    Other
    7.10
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2015-02-19
    Attachments
    Artifact links
    Empty
    Empty
    References
    Referencing request #7879

    Artifact Tracker v5

    rel #7843 7.11

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/48/3648/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 1db8903f21
    User avatar dylan bowden (dylan) , 2015-02-19 17:43
    request #7879: Add a whitelist for the Content-Security-Policy directive script-src 8df3f99768
    User avatar Thomas Gerbet (tgerbet) , 2015-02-18 11:38
    Referenced by request #7879

    Other

    gerrit #3648
    Display settings

    Follow-ups

    User avatar
    dylan bowden (dylan)2015-02-19 17:45
    • Status changed from Under review to Closed
    • Close date set to 2015-02-19