*-src-elem should be populated by domains from site libraries [#3016229]

Domains added to script-src and style-src by libraries also need to be included in the corresponding *-src-elem directives. Otherwise, the *-elem directive could be incorrectly more restrictive in supporting browsers.

Policy optimization should remove the *src-elem directive if it is the same as it's corresponding *-src directive and can safely fallback.

Comments

Comment #1

26 November 2018 at 20:14

gapple created an issue. See original summary.

Comment #2

26 November 2018 at 20:20

gapple committed 0a8a1c4 on 8.x-1.x

Issue #3016229: Add library domains to *-src-elem directives

Comment #3

gapple

he/they

English

commented 26 November 2018 at 20:20

Status:

Active

» Fixed

Comment #4

26 November 2018 at 22:01

gapple committed fb38be3 on 8.x-1.x

Issue #3016229: Update Library Policy Builder test for *-src-elem...

Comment #5

10 December 2018 at 22:04

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

*-src-elem should be populated by domains from site libraries

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

News items

Our community

Documentation

Drupal code base

Governance of community