Problem/Motivation

Administer the Remove HTTP headers settings has security implications and that granting it should be done with care.

Proposed resolution

Add restrict access: TRUE to permission.

Remaining tasks

  1. Create patch
  2. Review/RTBC
  3. Commit

User interface changes

Provides message "Warning: Give to trusted roles only; this permission has security implications." for Administer the Remove HTTP headers settings permission.

API changes

None.

Data model changes

None.

CommentFileSizeAuthor
#2 remove_http_headers-restrict_access-3057423-2.patch336 bytesi-trokhanenko

Comments

i-trokhanenko created an issue. See original summary.

i-trokhanenko’s picture

i-trokhanenko
Location Lutsk 🇺🇦
commented
Status: Active » Needs review
StatusFileSize
new remove_http_headers-restrict_access-3057423-2.patch336 bytes

Please review!

i-trokhanenko’s picture

i-trokhanenko
Location Lutsk 🇺🇦
commented
Issue summary: View changes
Roman Dyn’s picture

Roman Dyn commented
Status: Needs review » Reviewed & tested by the community

Patch #2 works well for me. Please commit.

Roman Dyn’s picture

Roman Dyn commented
Issue summary: View changes

orlando.thoeny’s picture

orlando.thoeny
Location Switzerland 🇨🇭
commented
Status: Reviewed & tested by the community » Fixed

Thanks :) Commtted

orlando.thoeny’s picture

orlando.thoeny
Location Switzerland 🇨🇭
commented
Issue summary: View changes

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.