Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP header is missing the script-src policy #5180

Open
nilmerg opened this issue Feb 2, 2024 · 0 comments · May be fixed by #5181
Open

CSP header is missing the script-src policy #5180

nilmerg opened this issue Feb 2, 2024 · 0 comments · May be fixed by #5181
Assignees
@nilmerg
Labels
bug Something isn't working
Milestone
2.12.2

Comments

@nilmerg
Copy link
Member

nilmerg commented Feb 2, 2024

Describe the bug

The CSP header used by Icinga Web doesn't define a policy for javascript, and thus doesn't prohibit e.g. inlining it.

Expected behavior

script-src 'self'; should be added.

Your Environment

  • Icinga Web 2 version and modules (System - About): 2.12.0
@nilmerg nilmerg added the bug Something isn't working label Feb 2, 2024
@nilmerg nilmerg added this to the 2.12.2 milestone Feb 2, 2024
@nilmerg nilmerg self-assigned this Feb 2, 2024
nilmerg added a commit that referenced this issue Feb 2, 2024
@nilmerg
Csp: Include `script-src 'self';
0258676 
fixes #5180
@nilmerg nilmerg linked a pull request Feb 2, 2024 that will close this issue
Open
nilmerg added a commit that referenced this issue Feb 9, 2024
@nilmerg
Csp: Include `script-src 'self';
22689d3 
fixes #5180
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nilmerg nilmerg

Labels
bug Something isn't working
Projects
None yet
Milestone
2.12.2
Development

Successfully merging a pull request may close this issue.

Add missing script-src policy Icinga/icingaweb2
1 participant
@nilmerg