View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005770 | Composr | core | public | 2024-05-19 20:43 | 2024-09-05 18:20 |
Reporter | Patrick Schmalstig | Assigned To | |||
Severity | Minor-bug | ||||
Status | non-assigned | Resolution | open | ||
Product Version | 11.alpha4 | ||||
Fixed in Version | |||||
Summary | 0005770: Forms specifying a redirect in the action are blocked by CSP | ||||
Description | Any forms which specify a redirect as part of their action (such as block top login) could get blocked by Content Security Policy in Chrome and Safari due to tightened security. We should work around this by doing an internal redirect via a redirect POST parameter. | ||||
Tags | Roadmap: v11 | ||||
Time estimation (hours) | |||||
Sponsorship open | |||||
has duplicate | 0005865 | closed | Patrick Schmalstig | Forms specifying a redirect in the action are blocked by CSP |
related to | 0005853 | resolved | Patrick Schmalstig | Internal redirects failing with Forbidden error |

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

protect_url_parameter is supposed to be used. Also modify the function comment for protect_url_parameter, _protect_url_parameter, and comment in global2.php against INPUT_FILTER_MODSECURITY_URL_PARAMETER, to also mention browser reflected-XSS filtering.

I added several missing protect_url_parameter but I cannot consider this issue resolved because top_login was not one of them from which this issue originates. top_login gets login URL (+ redirect) from global3.php get_login_url but this is already using protect_url_parameter. So there is another bug somewhere.

Date Modified | Username | Field | Change |
---|---|---|---|
2024-07-25 22:35 | Chris Graham | Note Added: 0008960 | |
2024-07-25 22:35 | Chris Graham | Tag Attached: Roadmap: v11 | |
2024-08-07 20:56 | Patrick Schmalstig | Relationship added | related to 0005853 |
2024-08-09 08:12 | Guest | Issue cloned: 0005865 | |
2024-08-13 01:12 | Patrick Schmalstig | Relationship added | has duplicate 0005865 |
2024-09-05 18:20 | Patrick Schmalstig | Note Added: 0009282 |