This is a first step towards a strict CSP policy [0].

For now it does nothing besides adding a nonce attribute to script tags added by the main API offered by Tuleap to add scripts into a page. Rogue additions of scripts directly into the pages or inlined scripts will be dealt with in other contributions.

Once most of the work is done we will enable a Content-Security-Policy in a Report-Only mode [1] to find remaining issues before going live with it.

When testing nothing should change except that a nonce attribute is now present on (most of) the script tags.

Part of request #17967: Deploy a useful content security policy

[0] https://web.dev/strict-csp/
[1] https://www.w3.org/TR/CSP2/#content-security-policy-report-only-header-field

Change-Id: I80ad0acc4dd08ace0e83e72ff310785a5e301108

Modified Files
Status | File | Added | Removed |
---|---|---|---|
M | src/common/layout/BaseLayout.php | +16 | −2 |
M | src/common/layout/Layout.class.php | +8 | −8 |
M | src/themes/BurningParrot/include/BurningParrotTheme.php | +2 | −1 |
M | src/themes/BurningParrot/include/FooterPresenter.php | +8 | −1 |
M | src/themes/BurningParrot/templates/footer.mustache | +2 | −2 |
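
The mechanism the commit message describes, as an added example that is not part of this commit or of Tuleap's code: a single script-rendering API stamps one per-response nonce on every tag it emits, and a Report-Only header later reveals tags that bypass it. The class `ScriptRenderer`, its methods, the asset paths, the `/csp-report` endpoint and the exact policy string (modelled on the strict CSP pattern linked as [0]) are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Tuleap's BaseLayout: one nonce per response,
// attached to every script tag emitted through a single API.
final class ScriptRenderer
{
    private string $nonce;
    /** @var string[] */
    private array $script_urls = [];

    public function __construct()
    {
        // 128 bits from the CSPRNG; a nonce must never be reused across responses.
        $this->nonce = base64_encode(random_bytes(16));
    }

    public function addScript(string $url): void
    {
        $this->script_urls[] = $url;
    }

    public function renderScriptTags(): string
    {
        $html = '';
        foreach ($this->script_urls as $url) {
            $html .= sprintf(
                '<script src="%s" nonce="%s"></script>' . "\n",
                htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
                htmlspecialchars($this->nonce, ENT_QUOTES, 'UTF-8')
            );
        }
        return $html;
    }

    public function getReportOnlyHeader(string $report_uri): string
    {
        // Report-Only: violations are reported to $report_uri, nothing is blocked.
        return "Content-Security-Policy-Report-Only: script-src 'nonce-{$this->nonce}' 'strict-dynamic'; "
            . "object-src 'none'; base-uri 'none'; report-uri {$report_uri}";
    }
}

$renderer = new ScriptRenderer();
$renderer->addScript('/assets/app.js');                // constructed sample path
header($renderer->getReportOnlyHeader('/csp-report')); // constructed endpoint
echo $renderer->renderScriptTags();
// A tag written straight into a template carries no nonce; it would be reported.
echo '<script src="/assets/legacy.js"></script>' . "\n";
```

The last `echo` stands in for the "rogue additions" the commit message defers: under the Report-Only policy the browser still runs that script but sends a violation report, which is how remaining un-nonced tags are found before enforcement.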