-
Oliver Hader authored
An internal csp-violation reporting endpoint is integrated, which keeps track of potential violations in frontend and backend scope. Alternative remote endpoints of 3rd party services can be configured with in TYPO3_CONF_VARS setting `contentSecurityPolicyReportingUrl` for `BE` or `FE`. Violations ("reports") are visualized in the new Content-Security-Policy backend module, which allows to select from possible suggestions that would resolve a violation - however a user with system maintainer privileges has to make this decision. For the time being, the `GoogleMapsHandler` has been added, which can be used as an inspiration for additional custom CSP violation handlers. The following test extension triggers CSP violations: https://packagist.org/packages/oliver-hader/csp-test Resolves: #87423 Related: #99499 Releases: main Change-Id: I7476b954c896c4d367d4e41e3d0f6f663952e966 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77998 Tested-by:Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by:
core-ci <typo3@b13.com> Tested-by:
Georg Ringer <georg.ringer@gmail.com> Reviewed-by:
Torben Hansen <derhansen@gmail.com> Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
94bcbf0f
