View Issue Details

ID: 0021650
Project: mantisbt
Category: security
View Status: public
Last Update: 2016-08-28 14:49
Reporter: vboctor
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.0.0-beta.1
Target Version: 2.0.0-beta.2
Fixed in Version: 2.0.0-beta.2
Summary: 0021650: Content-Security-Policy is disabled in 2.0.0-beta.1
Description

The security headers from core were disabled, should be re-enabled.

Tags: No tags attached.

Relationships

related to 0021653 (closed, vboctor): Graphs broken

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master df3d0bcf

2016-08-27 14:47

vboctor


Enable security headers

It was disabled in the 2.0.0-beta.1 release,
re-enabling it.

Fixes 0021650
Affected Issues
0021650
mod - core/http_api.php

MantisBT: master 133c109f

2016-08-27 15:02

vboctor


White list CDN sources in CSP header

Fixes 0021650
Affected Issues
0021650
mod - core/http_api.php
mod - plugins/MantisGraph/MantisGraph.php

MantisBT: master 75303848

2016-08-27 15:24

vboctor


Enable inline script on View Issue for Dropzone

This is a temporary fix until 0021651 is fixed.

Fixes 0021650
Affected Issues
0021650
mod - core/http_api.php