Skip to content
Snippets Groups Projects
Commit a0c0e57a authored by Oliver Hader's avatar Oliver Hader Committed by Oliver Hader
Browse files

[BUGFIX] Allow CSP inline styles in directly requested SVG files 

Using CSP directive `style-src 'unsafe-inline'` seems to be fine
for directly requested SVG files, since corresponding definitions
are bound to the corresponding resource. Loading styles from any
other external resource is still denied.

Resolves: #93884
Releases: main, 11.5, 10.4
Change-Id: Ifddf8782ecaa81bf26026ae8850d8c53b7977bd7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77456


Reviewed-by: default avatarOliver Hader <oliver.hader@typo3.org>
Tested-by: default avatarcore-ci <typo3@b13.com>
Tested-by: default avatarOliver Hader <oliver.hader@typo3.org>
parent 504abbed
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment