[BUGFIX] Avoid exceptions due to non-HTTP URI values in CSP reporter

CSP violation reports might contain non-HTTP referrer URIs, like `android-app://com.google.android.googlequicksearchbox/`, which results in an exception, since the `android-app:` scheme is not supported by the model in `\TYPO3\CMS\Core\Http\Uri`.

This change introduces the `Uri::fromAnyScheme()` factory method, which instructs the parsing logic to skip the scheme validation.

Resolves: #103935
Releases: main, 12.4
Change-Id: I45cad34a797d098e439a1c6fb80945948bf02e34
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85518
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Showing
- typo3/sysext/core/Classes/Http/Uri.php (24 additions, 1 deletion)
- typo3/sysext/core/Classes/Middleware/AbstractContentSecurityPolicyReporter.php (5 additions, 1 deletion)
- typo3/sysext/core/Tests/Unit/Http/UriTest.php (8 additions, 0 deletions)
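
The failure mode and the fix described in the commit message, as an added sketch that is not TYPO3's code: `ReportUri` is a hypothetical stand-in for a URI model with scheme validation, the report body is constructed, and only the name `fromAnyScheme()` comes from the commit message.

```php
<?php
// Hypothetical stand-in for a URI model that only accepts web schemes by default.
final class ReportUri
{
    private const SUPPORTED_SCHEMES = ['', 'http', 'https'];
    private function __construct(
        public readonly string $scheme,
        public readonly string $host,
        public readonly string $path,
    ) {}

    // Strict parsing: rejects any scheme outside SUPPORTED_SCHEMES.
    public static function fromString(string $uri): self
    {
        return self::parse($uri, true);
    }

    // Lenient parsing for untrusted report fields: the scheme is kept as data.
    public static function fromAnyScheme(string $uri): self
    {
        return self::parse($uri, false);
    }

    private static function parse(string $uri, bool $validateScheme): self
    {
        $parts = parse_url($uri);
        if ($parts === false) {
            throw new InvalidArgumentException('Malformed URI');
        }
        $scheme = strtolower($parts['scheme'] ?? '');
        if ($validateScheme && !in_array($scheme, self::SUPPORTED_SCHEMES, true)) {
            throw new InvalidArgumentException('Unsupported scheme "' . $scheme . '"');
        }
        return new self($scheme, $parts['host'] ?? '', $parts['path'] ?? '');
    }
}

// Constructed report body; field names follow the CSP "csp-report" JSON format.
$body = '{"csp-report":{"document-uri":"https://example.org/","referrer":"android-app://com.google.android.googlequicksearchbox/","violated-directive":"script-src"}}';
$report = json_decode($body, true, 8, JSON_THROW_ON_ERROR)['csp-report'];

try {
    ReportUri::fromString($report['referrer']);
} catch (InvalidArgumentException $e) {
    echo 'strict: ', $e->getMessage(), PHP_EOL; // an uncaught throw here aborts report handling
}
$referrer = ReportUri::fromAnyScheme($report['referrer']);
echo 'lenient: ', $referrer->scheme, ' / ', $referrer->host, PHP_EOL;
```

A value accepted without scheme validation is still attacker-influenced input, so whatever stores or displays it should treat it as inert text rather than as a link.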