#5865 - Forms specifying a redirect in the action are blocked by CSP

By Guest
Added 9th Aug 2024, 4:12 AM
8 views

Identifier	#5865
Issue type	Minor issue (breaks specific functionality)
Title	Forms specifying a redirect in the action are blocked by CSP
Status	Closed (duplicate)
Handling member	Deleted
Version	11 alpha4
Addon	core
Description	Any forms which specify a redirect as part of its action (such as block top login) could get blocked by Content Security Policy in Chrome and Safari due to tightened security. We should work around this by doing an internal redirect via a redirect POST parameter.
Steps to reproduce
Related to	#5770 - Forms specifying a redirect in the action are blocked by CSP
Funded?	No

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

By Guest posted 19th May 2024, 4:43 PM

Automated message: This issue was created using the Report Issue Wizard on the Composr homesite.

By Guest posted 25th Jul 2024, 6:35 PM

protect_url_parameter is supposed to be used. Also modify the function comment for protect_url_parameter, _protect_url_parameter, and comment in global2.php against INPUT_FILTER_MODSECURITY_URL_PARAMETER, to also mention browser reflected-XSS filtering.

By Guest posted 12th Aug 2024, 9:12 PM

This is a spam copy/paste submission; exact copy of 5770.