From 31579e21c64049659ca307dcbdab3f3770673349 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Wed, 10 Nov 2021 10:22:32 +0100
Subject: [PATCH] [TASK] Enable Content-Security-Policy in backend acceptance tests

To avoid introducing new components that rely on inline JavaScript, Content-Security-Policy HTTP headers for the TYPO3 backend are enabled when executing automated tests.

Resolves: #95898
Releases: main, 11.5
Change-Id: I2bbc1ce055d066381cd53449d1b37fd2cafe0168
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72137
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
 composer.lock | 21 +++++++++----------
 .../Extension/BackendCoreEnvironment.php | 9 ++++++++
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/composer.lock b/composer.lock
index 0f973a7d07e3..f6ee442d6017 100644
--- a/composer.lock
+++ b/composer.lock
@@ -8140,16 +8140,16 @@
 },
 {
 "name": "typo3/cms-styleguide",
- "version": "11.5.0",
+ "version": "11.5.2",
 "source": {
 "type": "git",
 "url": "https://github.com/TYPO3/styleguide.git",
- "reference": "494dd4605e6b459c165a24f8d9f8b15673e547f2"
+ "reference": "6a441433028e72b4b5913315fcb1551f2d29070f"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/TYPO3/styleguide/zipball/494dd4605e6b459c165a24f8d9f8b15673e547f2",
- "reference": "494dd4605e6b459c165a24f8d9f8b15673e547f2",
+ "url": "https://api.github.com/repos/TYPO3/styleguide/zipball/6a441433028e72b4b5913315fcb1551f2d29070f",
+ "reference": "6a441433028e72b4b5913315fcb1551f2d29070f",
 "shasum": ""
 },
 "require-dev": {
@@ -8158,13 +8158,12 @@
 "codeception/module-cli": "^1.1",
 "codeception/module-webdriver": "^1.1",
 "phpstan/phpstan": "^0.12.37",
- "typo3/cms-about": "dev-master",
- "typo3/cms-core": "dev-master",
- "typo3/cms-frontend": "dev-master",
- "typo3/cms-install": "dev-master",
+ "typo3/cms-core": "dev-main",
+ "typo3/cms-frontend": "dev-main",
+ "typo3/cms-install": "dev-main",
 "typo3/coding-standards": "^0.3.0",
 "typo3/tailor": "^1.2",
- "typo3/testing-framework": "^6.12.0"
+ "typo3/testing-framework": "dev-main"
 },
 "type": "typo3-cms-extension",
 "extra": {
@@ -8204,9 +8203,9 @@
 ],
 "support": {
 "issues": "https://github.com/TYPO3/styleguide/issues",
- "source": "https://github.com/TYPO3/styleguide/tree/11.5.0"
+ "source": "https://github.com/TYPO3/styleguide/tree/11.5.2"
 },
- "time": "2021-10-17T18:47:16+00:00"
+ "time": "2021-11-29T19:56:35+00:00"
 },
 {
 "name": "typo3/testing-framework",
diff --git a/typo3/sysext/core/Tests/Acceptance/Support/Extension/BackendCoreEnvironment.php b/typo3/sysext/core/Tests/Acceptance/Support/Extension/BackendCoreEnvironment.php
index aecce422b66e..84236b0e2550 100644
--- a/typo3/sysext/core/Tests/Acceptance/Support/Extension/BackendCoreEnvironment.php
+++ b/typo3/sysext/core/Tests/Acceptance/Support/Extension/BackendCoreEnvironment.php
@@ -86,6 +86,15 @@ class BackendCoreEnvironment extends BackendEnvironment
 'MAIL' => [
 'transport' => NullTransport::class,
 ],
+ 'BE' => [
+ 'HTTP' => [
+ 'Response' => [
+ 'Headers' => [
+ 'csp-report' => "Content-Security-Policy-Report-Only: default-src 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self' data:; worker-src 'self' blob:;",
+ ],
+ ],
+ ],
+ ],
 ],
 ];
--
GitLab
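Review bot: The `csp-report` entry added under `BE` / `HTTP` / `Response` / `Headers` sends `Content-Security-Policy-Report-Only`, so the browser blocks nothing, and because the policy carries no `report-uri` or `report-to` directive a violation only shows up in the browser console. Unless the acceptance suite inspects console output (not visible in this hunk), a new component that relies on inline JavaScript would still pass, which falls short of the goal stated in the commit message. Consider a comment above the entry such as `// Report-Only: violations are logged by the browser, not blocked; switch to Content-Security-Policy once the backend is free of inline scripts`, or add a reporting directive the tests can assert on. Note also that `default-src` does not cover `base-uri`, `form-action` or `frame-ancestors`, so those need their own directives if the policy is later enforced. The configuration array this entry extends starts and ends outside the hunk.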