WIP - Partial revert and debug messages appended to test (#1480)
This commit is contained in:
Christophe Maudoux
parent
6aed829baa
commit
1bebba42c3
|
|
@ -31,7 +31,6 @@ sub defaultValues {
|
|||
'cspConnect' => '\'self\'',
|
||||
'cspDefault' => '\'self\'',
|
||||
'cspFont' => '\'self\'',
|
||||
'cspFormAction' => '\'self\'',
|
||||
'cspImg' => '\'self\' data:',
|
||||
'cspScript' => '\'self\'',
|
||||
'cspStyle' => '\'self\'',
|
||||
|
|
|
|||
|
|
@ -907,10 +907,6 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => '\'self\'',
|
||||
'type' => 'text'
|
||||
},
|
||||
'cspFormAction' => {
|
||||
'default' => '\'self\'',
|
||||
'type' => 'text'
|
||||
},
|
||||
'cspImg' => {
|
||||
'default' => '\'self\' data:',
|
||||
'type' => 'text'
|
||||
|
|
|
|||
|
|
@ -599,11 +599,6 @@ sub attributes {
|
|||
default => "'self'",
|
||||
documentation => 'Font source for Content-Security-Policy',
|
||||
},
|
||||
cspFormAction => {
|
||||
type => 'text',
|
||||
default => "'self'",
|
||||
documentation => 'Form-Action source for Content-Security-Policy',
|
||||
},
|
||||
portalAntiFrame => {
|
||||
default => 1,
|
||||
type => 'bool',
|
||||
|
|
|
|||
|
|
@ -736,7 +736,6 @@ sub tree {
|
|||
'cspDefault', 'cspImg',
|
||||
'cspScript', 'cspStyle',
|
||||
'cspConnect', 'cspFont',
|
||||
'cspFormAction',
|
||||
]
|
||||
},
|
||||
'requireToken',
|
||||
|
|
|
|||
|
|
@ -142,7 +142,6 @@
|
|||
"cspStyle":"مصدر الأسلوب ",
|
||||
"cspConnect":"وجهات أجاكس",
|
||||
"cspFont":" مصدر نوع الخط",
|
||||
"cspFormAction":"Form-Action source",
|
||||
"cfgLog":"استئنف",
|
||||
"cfgVersion":"عملية ضبط الإصدارات",
|
||||
"checkXSS":"تحقق من هجمات XSS",
|
||||
|
|
|
|||
|
|
@ -142,7 +142,6 @@
|
|||
"cspStyle":"Style source",
|
||||
"cspConnect":"Ajax destinations",
|
||||
"cspFont":"Font source",
|
||||
"cspFormAction":"Form-Action source",
|
||||
"cfgLog":"Resume",
|
||||
"cfgVersion":"Configuration version",
|
||||
"checkXSS":"Check XSS attacks",
|
||||
|
|
|
|||
|
|
@ -142,7 +142,6 @@
|
|||
"cspStyle":"Sources des styles",
|
||||
"cspConnect":"Destinations des requêtes Ajax",
|
||||
"cspFont":"Source des polices",
|
||||
"cspFormAction":"Source des actions des formulaires",
|
||||
"cfgLog":"Résumé",
|
||||
"cfgVersion":"Version de la configuration",
|
||||
"checkXSS":"Contrôler les attaques XSS",
|
||||
|
|
|
|||
|
|
@ -142,7 +142,6 @@
|
|||
"cspStyle":"Origine di stile",
|
||||
"cspConnect":"Destinazioni Ajax",
|
||||
"cspFont":"Origine carattere",
|
||||
"cspFormAction":"Form-Action source",
|
||||
"cfgLog":"Riprendi",
|
||||
"cfgVersion":"Versione configurazione",
|
||||
"checkXSS":"Verifica attacchi XSS",
|
||||
|
|
|
|||
|
|
@ -142,7 +142,6 @@
|
|||
"cspStyle":"Nguồn phong cách",
|
||||
"cspConnect":"Đích cúa Ajax",
|
||||
"cspFont":"Nguồn phông chữ",
|
||||
"cspFormAction":"Form-Action source",
|
||||
"cfgLog":"Tiếp tục",
|
||||
"cfgVersion":"Phiên bản cấu hình",
|
||||
"checkXSS":"Kiểm tra tấn công XSS",
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -174,7 +174,6 @@ sub reloadConf {
|
|||
my $prm = $self->conf->{ 'csp' . ucfirst($_) };
|
||||
$csp .= "$_-src $prm;" if ($prm);
|
||||
}
|
||||
$csp = $csp . "form-action 'self' " . $self->conf->{ cspFormAction };
|
||||
$self->csp($csp);
|
||||
|
||||
# Initialize templateDir
|
||||
|
|
|
|||
|
|
@ -722,18 +722,21 @@ sub sendHtml {
|
|||
'X-XSS-Protection' => '1; mode=block',
|
||||
'X-Content-Type-Options' => 'nosniff';
|
||||
|
||||
# Set authorizated URL for POST
|
||||
#my $csp = $self->csp . "form-action 'self'";
|
||||
my $csp = $self->csp;
|
||||
# Set authorized URL for POST
|
||||
my $csp = $self->csp . "form-action 'self'";
|
||||
if ( my $url = $req->urldc ) {
|
||||
$self->logger->debug("Required urldc : $url");
|
||||
$url =~ s#(https?://[^/]+).*#$1#;
|
||||
$self->logger->debug("Set CSP form-action with urldc : $url");
|
||||
$csp .= " $url";
|
||||
}
|
||||
my $url = $args->{params}->{URL};
|
||||
$self->logger->debug("Required Params URL : $url");
|
||||
if ( defined $url and $url =~ s#(https?://[^/]+).*#$1# ) {
|
||||
$self->logger->debug("Set CSP form-action with Params URL : $url");
|
||||
$csp .= " $url";
|
||||
}
|
||||
my $url = $args{params}->{URL};
|
||||
if ( $url and $url =~ s#(https?://[^/]+).*#$1# ) {
|
||||
$csp .= " $url";
|
||||
}
|
||||
$csp .= ';';
|
||||
#$csp .= ';';
|
||||
|
||||
# Deny using portal in frame except if it is required
|
||||
unless ( $req->frame or $self->conf->{portalAntiFrame} == 0 ) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user