Commit 5984774c authored 4 years ago by Geoff Appleby

Issue #3106728: require-sri-for has been removed from SRI spec

parent c8f1e952
Showing 3 changed files with 14 additions and 20 deletions

config/schema/csp.schema.yml: 0 additions, 4 deletions
src/Csp.php: 3 additions, 1 deletion
src/Form/CspSettingsForm.php: 11 additions, 15 deletions
config/schema/csp.schema.yml (+0 −4)
@@ -104,10 +104,6 @@ csp_directive.navigate-to:
type
:
csp_directive_source_list
csp_directive.block-all-mixed-content
:
type
:
boolean
csp_directive.require-sri-for
:
type
:
sequence
sequence
:
type
:
string
csp_directive.upgrade-insecure-requests
:
type
:
boolean
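Review bot: Dropping the `csp_directive.require-sri-for` entry in this hunk leaves any already-saved `directives.require-sri-for` value without a schema definition, while src/Csp.php in the same commit still keeps 'require-sri-for' as a known directive with DIRECTIVE_SCHEMA_TOKEN_LIST. Either keep the four schema lines until an update hook deletes the stored key, or add that update hook to this change; none of the three changed files is an install or update file.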
src/Csp.php (+3 −1)
@@ -72,12 +72,14 @@ class Csp {
// Other directives.
// @see https://www.w3.org/TR/CSP/#directives-elsewhere
'block-all-mixed-content'
=>
self
::
DIRECTIVE_SCHEMA_BOOLEAN
,
'require-sri-for'
=>
self
::
DIRECTIVE_SCHEMA_TOKEN_LIST
,
'upgrade-insecure-requests'
=>
self
::
DIRECTIVE_SCHEMA_BOOLEAN
,
// Deprecated directives.
// Referrer isn't in the Level 1 spec, but was accepted until Chrome 56 and
// Firefox 62.
'referrer'
=>
self
::
DIRECTIVE_SCHEMA_TOKEN
,
// 'require-sri-for' was removed from the SRI spec.
// @see https://www.drupal.org/project/csp/issues/3106728
'require-sri-for'
=>
self
::
DIRECTIVE_SCHEMA_TOKEN_LIST
,
];
/**
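Review bot: The new comment above 'require-sri-for' in the "Deprecated directives" block says why the directive is deprecated but not why it stays in the map, unlike the 'referrer' comment, which names the browser versions that accepted it. Please add a line stating the intent of keeping the entry and whether it is meant to be dropped in a later release. The wording also differs from the form's comment ("never publicly implemented, and dropped from the SRI spec"); one phrasing in both files would be easier to search for.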
src/Form/CspSettingsForm.php (+11 −15)
@@ -110,12 +110,19 @@ class CspSettingsForm extends ConfigFormBase {
*/
private
function
getConfigurableDirectives
()
{
// Exclude some directives
// - Reporting directives have dedicated fields elsewhere in the form.
// - 'referrer' is deprecated in favour of the Referrer-Policy header, and
// not supported in most browsers.
// - Reporting directives are handled by plugins.
// - 'referrer' was deprecated prior to CSP Level 1 and not supported in
// most browsers.
// - 'require-sri-for' was never publicly implemented, and dropped from the
// SRI spec.
$directives
=
array_diff
(
Csp
::
getDirectiveNames
(),
[
'report-uri'
,
'report-to'
,
'referrer'
]
[
'report-uri'
,
'report-to'
,
'referrer'
,
'require-sri-for'
,
]
);
return
$directives
;
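Review bot: The exclusion list passed to array_diff() now hard-codes 'referrer' and 'require-sri-for', the same two names that src/Csp.php groups under "Deprecated directives", so the next deprecation has to be made in two files. Consider exposing the deprecated names from Csp (a constant or a small static method, name to be chosen) and building this list from that plus 'report-uri' and 'report-to'.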
@@ -372,17 +379,6 @@ class CspSettingsForm extends ConfigFormBase {
'#default_value'
=>
$config
->
get
(
$policyTypeKey
.
'.directives.sandbox'
)
?:
[],
];
$form
[
$policyTypeKey
][
'directives'
][
'require-sri-for'
][
'options'
][
'keys'
]
=
[
'#type'
=>
'checkboxes'
,
'#parents'
=>
[
$policyTypeKey
,
'directives'
,
'require-sri-for'
,
'keys'
],
'#options'
=>
[
'script'
=>
'<code>script</code>'
,
'style'
=>
'<code>style</code>'
,
],
'#default_value'
=>
$config
->
get
(
$policyTypeKey
.
'.directives.require-sri-for'
)
?:
[],
];
$form
[
$policyTypeKey
][
'reporting'
]
=
[
'#type'
=>
'fieldset'
,
'#title'
=>
$this
->
t
(
'Reporting'
),
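Review bot: Removing the 'require-sri-for' checkboxes takes away the form element that read `$policyTypeKey . '.directives.require-sri-for'`, so a site that had enabled it can no longer see or clear the value from the UI. The submit handler is not part of the visible hunks; please confirm it drops the key on save, or add an update hook that deletes `directives.require-sri-for` from the stored policies so the obsolete directive is not left behind in configuration.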