View Issue Details

ID: 0021650
Project: mantisbt
Category: security
View Status: public
Last Update: 2016-08-28 14:49
Reporter: vboctor
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.0.0-beta.1
Target Version: 2.0.0-beta.2
Fixed in Version: 2.0.0-beta.2
Summary: 0021650: Content-Security-Policy is disabled in 2.0.0-beta.1
Description

The security headers from core were disabled, should be re-enabled.

Tags: No tags attached.

Relationships

related to 0021653 closed vboctor Graphs broken

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master df3d0bcf

2016-08-27 18:47:22

vboctor

Enable security headers

It was disabled in the 2.0.0-beta.1 release,
re-enabling it.

Fixes 0021650
mod - core/http_api.php

MantisBT: master 133c109f

2016-08-27 19:02:55

vboctor

White list CDN sources in CSP header

Fixes 0021650
mod - core/http_api.php
mod - plugins/MantisGraph/MantisGraph.php

MantisBT: master 75303848

2016-08-27 19:24:53

vboctor

Enable inline script on View Issue for Dropzone

This is a temporary fix until 0021651 is fixed.

Fixes 0021650
mod - core/http_api.php

Issue History

Date Modified Username Field Change
2016-08-27 18:49 vboctor New Issue
2016-08-27 18:49 vboctor Status new => assigned
2016-08-27 18:49 vboctor Assigned To => vboctor
2016-08-27 19:03 vboctor Changeset attached => MantisBT master df3d0bcf
2016-08-27 19:03 vboctor Changeset attached => MantisBT master 133c109f
2016-08-27 19:03 vboctor Status assigned => resolved
2016-08-27 19:03 vboctor Resolution open => fixed
2016-08-27 19:03 vboctor Fixed in Version => 2.0.0-beta.2
2016-08-27 19:25 vboctor Changeset attached => MantisBT master 75303848
2016-08-28 01:11 vboctor Status resolved => closed
2016-08-28 14:49 atrol Relationship added related to 0021653