View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 5865 | Composr | core | public | 2024-08-09 08:12 | 2024-08-13 01:13 |
| Reporter | Guest | Assigned To | PDStig | ||
| Priority | high | Severity | minor | ||
| Status | closed | Resolution | duplicate | ||
| Product Version | 11.alpha4 | ||||
| Summary | 5865: Forms specifying a redirect in the action are blocked by CSP | ||||
| Description | Any forms which specify a redirect as part of its action (such as block top login) could get blocked by Content Security Policy in Chrome and Safari due to tightened security. We should work around this by doing an internal redirect via a redirect POST parameter. | ||||
| Tags | No tags attached. | ||||
| Attach Tags | |||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
|
|
Automated message: This issue was created using the Report Issue Wizard on the Composr homesite. |
|
|
protect_url_parameter is supposed to be used. Also modify the function comment for protect_url_parameter, _protect_url_parameter, and comment in global2.php against INPUT_FILTER_MODSECURITY_URL_PARAMETER, to also mention browser reflected-XSS filtering. |
|
|
This is a spam copy/paste submission; exact copy of 5770. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-08-09 08:12 | Guest | New Issue | |
| 2024-08-09 08:12 | Guest | Issue generated from: 5770 | |
| 2024-08-13 01:12 | PDStig | Assigned To | => user4172 |
| 2024-08-13 01:12 | PDStig | Status | Not Assigned => Closed |
| 2024-08-13 01:12 | PDStig | Resolution | open => duplicate |
| 2024-08-13 01:12 | PDStig | Note Added: 0009172 | |
| 2024-08-13 01:12 | PDStig | Relationship replaced | duplicate of 5853 |
| 2024-08-13 01:12 | PDStig | Relationship added | duplicate of 5770 |
| 2024-08-13 01:13 | PDStig | Note Edited: 0009172 | |
| 2024-08-13 01:13 | PDStig | Relationship deleted | 5853 |
