[BUGFIX] Add frontend preview URL to CSP frame-src directive

Add the URL of the page to be shown in web > view backend module to the `frame-src` directive of the Content-Security-Policy. This is required in case the backend URL is different to the frontend URL that shall be used to preview that page.

The new registry service `PolicyRegistry` is introduced to collect temporary adjustments to the Content-Security-Policy, which are applied in the central `PolicyProvider`.

Resolves: #100460
Releases: main
Change-Id: I3f6eb27fc261e4521940a6222499c1c33ae8015d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78473
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Showing
- typo3/sysext/core/Classes/Security/ContentSecurityPolicy/PolicyProvider.php: 11 additions, 0 deletions
- typo3/sysext/core/Classes/Security/ContentSecurityPolicy/PolicyRegistry.php: 56 additions, 0 deletions
- typo3/sysext/core/Configuration/Services.yaml: 3 additions, 0 deletions
- typo3/sysext/viewpage/Classes/Controller/ViewModuleController.php: 16 additions, 3 deletions