View Issue Details

ID: 0005865
Project: Composr
Category: core
View Status: public
Last Update: 2024-08-13 01:13
Reporter: Guest
Assigned To: Patrick Schmalstig
Severity: Minor-bug
Status: closed
Resolution: duplicate
Product Version: 11.alpha4
Fixed in Version:
Summary: 0005865: Forms specifying a redirect in the action are blocked by CSP
Description: Any forms which specify a redirect as part of their action (such as block top login) could get blocked by Content Security Policy in Chrome and Safari due to tightened security.

We should work around this by doing an internal redirect via a redirect POST parameter.
Tags: No tags attached.
Time estimation (hours):
Sponsorship: open
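
The workaround proposed in the description, sketched as an added example (not Composr's code and not from the reporter): the form posts to a fixed same-site action, and the handler accepts the `redirect` POST value only when it resolves to a path on the site, so the workaround does not turn into an open redirect. `resolve_internal_redirect()` and the host `example.test` are hypothetical.

```php
<?php
// Added example, not Composr code. resolve_internal_redirect() and example.test
// are hypothetical; "redirect" is the POST field named in the issue.
// The form keeps a fixed same-site action and carries the target in a hidden field:
//   <form method="post" action="/login"><input type="hidden" name="redirect" value="/forum/">

function resolve_internal_redirect(string $target, string $site_host, string $fallback = '/'): string
{
    // Whitespace/control characters allow header splitting; browsers read "\" as "/".
    if ($target === '' || preg_match('/[\x00-\x20\x7F\\\\]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback;
    }
    if (isset($parts['scheme']) || isset($parts['host'])) {
        // Absolute or protocol-relative URL: accept only http(s) to our own host.
        $scheme = strtolower($parts['scheme'] ?? '');
        $host = strtolower($parts['host'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true) || $host !== strtolower($site_host)
            || isset($parts['user']) || isset($parts['pass'])) {
            return $fallback;
        }
    }
    // Keep only path, query and fragment so the Location header is always same-origin.
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || strncmp($path, '//', 2) === 0) {
        return $fallback;
    }
    return $path
        . (isset($parts['query']) ? '?' . $parts['query'] : '')
        . (isset($parts['fragment']) ? '#' . $parts['fragment'] : '');
}

// Constructed sample inputs, as they might arrive in $_POST['redirect'].
$samples = [
    '/forum/topic?id=7#reply',
    'https://example.test/members/',
    'https://evil.invalid/phish',
    '//evil.invalid/phish',
    '/\\evil.invalid',
    "/ok\r\nSet-Cookie: x=1",
];
foreach ($samples as $sample) {
    // In a real handler: header('Location: ' . $safe, true, 303); exit;
    $safe = resolve_internal_redirect($sample, 'example.test');
    echo json_encode($sample, JSON_UNESCAPED_SLASHES), ' => ', $safe, PHP_EOL;
}
```

Pass the site's configured host name as `$site_host` rather than the request's `Host` header, which the client controls.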

Relationships

duplicate of 0005770 non-assigned Forms specifying a redirect in the action are blocked by CSP 

Activities

admin

2024-05-19 20:43

administrator   ~0009149

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

Chris Graham

2024-07-25 22:35

administrator   ~0009150

protect_url_parameter is supposed to be used. Also modify the function comment for protect_url_parameter, _protect_url_parameter, and comment in global2.php against INPUT_FILTER_MODSECURITY_URL_PARAMETER, to also mention browser reflected-XSS filtering.

Patrick Schmalstig

2024-08-13 01:12

administrator   ~0009172

Last edited: 2024-08-13 01:13

This is a spam copy/paste submission; exact copy of 5770.

Issue History

Date Modified     Username            Field                          Change
2024-08-09 08:12  Guest               New Issue
2024-08-09 08:12  Guest               Issue generated from: 0005770
2024-08-13 01:12  Patrick Schmalstig  Assigned To                    => Patrick Schmalstig
2024-08-13 01:12  Patrick Schmalstig  Status                         non-assigned => closed
2024-08-13 01:12  Patrick Schmalstig  Resolution                     open => duplicate
2024-08-13 01:12  Patrick Schmalstig  Note Added: 0009172
2024-08-13 01:12  Patrick Schmalstig  Relationship replaced          duplicate of 0005853
2024-08-13 01:12  Patrick Schmalstig  Relationship added             duplicate of 0005770
2024-08-13 01:13  Patrick Schmalstig  Note Edited: 0009172
2024-08-13 01:13  Patrick Schmalstig  Relationship deleted           0005853