View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0014679||mantisbt||security||public||2012-09-03 04:31||2015-07-07 16:48|
|Target Version||1.3.0-beta.1||Fixed in Version||1.3.0-beta.1|
|Summary||0014679: Support Content-Security-Policy (CSP) per W3C specification|
dhx originally implemented CSP following the Mozilla-proposed specification X-Content-Security-Policy in 0011825.
Since then, the proposal has evolved into a W3C standard, which is still in DRAFT form but differs in some significant ways from the Mozilla original specification:
MantisBT headers should be modified to adhere to the new standard once it becomes final and is correctly implemented in major browsers (see Additional info below).
With Firefox 15, the new standard is only partially implemented:
Adherence to the new standard is a work-in-progress at Mozilla:
|Tags||No tags attached.|
The CSP 1.0 standard has been implemented in Firefox 23 in June 2013; as per the blog post, it is also available in Chrome 25 and IE 10.
I tried to make the change in http api, but unfortunately there seems to be an issue with jQuery, triggering "Content Security Policy: Directive inline script base restriction violated" whenever it is included (tested with 1.9.1 and 1.10.2).
This error is reproducible with a simple test file (tested on FF 24)
Somebody else reported the same error 
Test branch: https://github.com/dregad/mantisbt/tree/csp-update
This was actually implemented by grangeway in September 2014.
|2012-09-03 04:31||dregad||New Issue|
|2012-09-03 04:31||dregad||Issue generated from: 0011825|
|2012-09-03 04:31||dregad||Relationship added||related to 0011825|
|2012-09-03 04:31||dregad||Status||new => confirmed|
|2012-09-03 04:32||dregad||Product Version||1.2.0 => 1.2.1|
|2013-10-17 10:49||dregad||Note Added: 0038290|
|2013-10-17 10:53||dregad||Note Edited: 0038290||View Revisions|
|2015-04-05 12:42||dregad||Relationship added||related to 0019307|
|2015-04-05 12:44||dregad||Assigned To||=> dregad|
|2015-04-05 12:44||dregad||Status||confirmed => resolved|
|2015-04-05 12:44||dregad||Resolution||open => fixed|
|2015-04-05 12:44||dregad||Fixed in Version||=> 1.3.0-beta.1|
|2015-04-05 12:44||dregad||Note Added: 0049324|
|2015-04-05 12:44||dregad||Changeset attached||=> MantisBT master 91242cdb|
|2015-04-05 12:50||dregad||Target Version||=> 1.3.0-beta.1|
|2015-07-07 16:48||atrol||Status||resolved => closed|