View Issue Details
| Field | Value |
|---|---|
| ID | 0021650 |
| Project | mantisbt |
| Category | security |
| View Status | public |
| Date Submitted | 2016-08-27 18:49 |
| Last Update | 2016-08-28 14:49 |
| Reporter | vboctor |
| Assigned To | vboctor |
| Priority | normal |
| Severity | minor |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Product Version | 2.0.0-beta.1 |
| Target Version | 2.0.0-beta.2 |
| Fixed in Version | 2.0.0-beta.2 |
| Summary | 0021650: Content-Security-Policy is disabled in 2.0.0-beta.1 |
| Description | The security headers from core were disabled, should be re-enabled. |
| Tags | No tags attached. |

MantisBT: master df3d0bcf 2016-08-27 14:47
Enable security headers
It was disabled in the 2.0.0-beta.1 release, re-enabling it.
Fixes 0021650
Affected Issues: 0021650
mod - core/http_api.php

MantisBT: master 133c109f 2016-08-27 15:02
White list CDN sources in CSP header
Fixes 0021650
Affected Issues: 0021650
mod - core/http_api.php
mod - plugins/MantisGraph/MantisGraph.php

MantisBT: master 75303848 2016-08-27 15:24
Enable inline script on View Issue for Dropzone
This is a temporary fix until 0021651 is fixed.
Fixes 0021650
Affected Issues: 0021650
mod - core/http_api.php