Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP child-src is deprecated #11035

Closed
rullzer opened this issue Sep 3, 2018 · 1 comment
Closed

CSP child-src is deprecated #11035

rullzer opened this issue Sep 3, 2018 · 1 comment
Assignees
@rullzer
Labels
1. to develop Accepted and waiting to be taken care of enhancement security
Milestone
Nextcloud 15

Comments

@rullzer
Copy link
Member

rullzer commented Sep 3, 2018

We should update our CSP accordingly and use only use worker-src and frame-src
@rullzer rullzer self-assigned this Sep 3, 2018
@rullzer rullzer added enhancement 1. to develop Accepted and waiting to be taken care of labels Sep 3, 2018
@rullzer rullzer added this to the Nextcloud 15 milestone Sep 3, 2018
@nextcloud-bot
Copy link
Member

GitMate.io thinks possibly related issues are #6336 ('frame-src' in Content-Security-Policy is deprecated, 'child-src' should be used instead), #10207 (CSP nonce by default), #5356 (Deprecated message lazyLoadPreview()), #11028 (Move to stricter CSP), and #5179 (Adding self to CSP fails).

rullzer added a commit that referenced this issue Sep 3, 2018
@rullzer
Add workerSrc to CSP
e5a9471 
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer rullzer mentioned this issue Sep 3, 2018
Merged
rullzer added a commit that referenced this issue Sep 4, 2018
@rullzer
Add workerSrc to CSP
c8fe4b4 
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <[email protected]>
weeman1337 pushed a commit to weeman1337/server that referenced this issue Sep 6, 2018
@rullzer @weeman1337
Add workerSrc to CSP
2cbd88b 
Fixes nextcloud#11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <[email protected]>
@rullzer rullzer mentioned this issue Oct 2, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Nov 29, 2018
Closed
@GTVolk GTVolk mentioned this issue Dec 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rullzer rullzer

Labels
1. to develop Accepted and waiting to be taken care of enhancement security
Projects
None yet
Milestone
Nextcloud 15
Development

No branches or pull requests
2 participants
@rullzer @nextcloud-bot