Commit 7b7a7a1c authored by Oliver Hader, committed by Oliver Hader

[FEATURE] Introduce Content Security Policy headers

This change introduces various representations of the
Content-Security-Policy domain as PHP classes.

The PSR-15 middlewares `ContentSecurityPolicyHeaders` are applying
the corresponding HTTP headers to each response in the frontend and
backend scope - in case no other component already added a
`Content-Security-Policy` or `Content-Security-Policy-Report-Only`
header, and only if the corresponding feature flag is enabled:

+ `security.backend.enforceContentSecurityPolicy`
+ `security.frontend.enforceContentSecurityPolicy`

For new installations `security.backend.enforceContentSecurityPolicy`
is enabled via factory default settings.

Resolves: #100055
Related: #99499
Related: #97068
Releases: main
Change-Id: I355393738f1d578b612e0e041e87be643f9e389a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77997


Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
parent 1d625cd1
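
The header rule the commit message describes (add a policy only when the feature flag is on and the response carries neither CSP header yet), sketched as a PSR-15 middleware. This is an added example, not code from this commit or from TYPO3: the class name, the constructor parameters and the sample policy string are hypothetical, and it assumes PHP 8.1+ with the `psr/http-message` and `psr/http-server-middleware` packages installed.

```php
<?php
declare(strict_types=1);

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

// Hypothetical illustration class; NOT the ContentSecurityPolicyHeaders
// middleware introduced by this commit.
final class ExampleCspHeaderMiddleware implements MiddlewareInterface
{
    private const ENFORCE = 'Content-Security-Policy';
    private const REPORT_ONLY = 'Content-Security-Policy-Report-Only';

    public function __construct(
        // Assumption: the caller resolves the scope's feature flag, e.g.
        // security.backend.enforceContentSecurityPolicy, to a boolean.
        private readonly bool $featureEnabled,
        // Constructed sample value, e.g. "default-src 'self'".
        private readonly string $policy,
    ) {
    }

    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface {
        // Let the inner handlers build the response first, so that headers
        // set by any other component are visible here.
        $response = $handler->handle($request);

        if (!$this->featureEnabled) {
            return $response; // flag off: leave the response untouched
        }

        // PSR-7 hasHeader() compares header names case-insensitively.
        // Either header counts as "already added": a component that chose
        // report-only mode must not be overridden with an enforcing policy.
        if ($response->hasHeader(self::ENFORCE) || $response->hasHeader(self::REPORT_ONLY)) {
            return $response;
        }

        // Assumption: the enforcing header is emitted, matching the
        // "enforce" wording of the feature flag names.
        return $response->withHeader(self::ENFORCE, $this->policy);
    }
}
```

Because the check runs after `$handler->handle()`, the middleware has to sit outside the components whose headers it is meant to respect.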
Showing
with 940 additions and 31 deletions