[TASK] Introduce resource Content-Security-Policy check
Introduces Content-Security-Policy HTTP header check on fileadmin/ resources. This can be seen as follow-up up to TYPO3-CORE-SA-2020-006 and TYPO3-PSA-2019-010 now actively analyzing this HTTP header and letting users know in reports module and system environment check of the Install Tool. Resolves: #92835 Releases: master, 10.4, 9.5 Change-Id: I53028ae36c9195082993ee89d630efa7b555c547 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66627 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Markus Klein <markus.klein@typo3.org> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Showing
- typo3/sysext/install/Classes/FolderStructure/DefaultFactory.php 6 additions, 0 deletions...sysext/install/Classes/FolderStructure/DefaultFactory.php
- typo3/sysext/install/Classes/SystemEnvironment/ServerResponse/ContentSecurityPolicyDirective.php 83 additions, 0 deletions...ronment/ServerResponse/ContentSecurityPolicyDirective.php
- typo3/sysext/install/Classes/SystemEnvironment/ServerResponse/ContentSecurityPolicyHeader.php 75 additions, 0 deletions...nvironment/ServerResponse/ContentSecurityPolicyHeader.php
- typo3/sysext/install/Classes/SystemEnvironment/ServerResponse/FileDeclaration.php 20 additions, 0 deletions...sses/SystemEnvironment/ServerResponse/FileDeclaration.php
- typo3/sysext/install/Classes/SystemEnvironment/ServerResponse/ServerResponseCheck.php 41 additions, 1 deletion.../SystemEnvironment/ServerResponse/ServerResponseCheck.php
- typo3/sysext/install/Resources/Private/FolderStructureTemplateFiles/resources-root-htaccess 13 additions, 0 deletions...vate/FolderStructureTemplateFiles/resources-root-htaccess
- typo3/sysext/install/Tests/Unit/SystemEnvironment/ServerResponse/ContentSecurityPolicyHeaderTest.php 87 additions, 0 deletions...onment/ServerResponse/ContentSecurityPolicyHeaderTest.php
Please register or sign in to comment