Problem/Motivation

An allowlist only allows domain sources, so if an 'Any' / * base policy is selected, any other values will be omitted from the output policy (#3216477: Don't allow additional sources if 'Any' base policy selected).

(This differs from CSP, which allows non-domain sources like data: or hashes, which still need to be included alongside the global wildcard.)

The configuration form should only show the additional sources field if an empty or 'self' base policy is selected.

Comments

gapple created an issue. See original summary.


There appear to be some quirks in the #states system around handling a form radio with an empty value.

I think it will be necessary to use a different key for the empty radio value, then adjust the value stored in the save handler when necessary.
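A sketch of the approach described in the comment above, added here as an illustration and not taken from the module or from commit ddd1326. The element names (`base`, `sources`), the `none` placeholder key, the option labels and both function names are hypothetical; clearing the sources on save for 'any' is also this example's own choice.

```php
<?php
// Added example: hypothetical names throughout, not the module's code.

/** Build the base-policy radios and the additional-sources field. */
function example_policy_elements(string $stored_base, string $stored_sources): array {
  $elements = [];
  $elements['base'] = [
    '#type' => 'radios',
    '#title' => 'Base policy',
    '#options' => [
      // 'none' stands in for the empty value so #states can match on it.
      'none' => 'None',
      'self' => 'Self',
      'any' => 'Any',
    ],
    '#default_value' => $stored_base === '' ? 'none' : $stored_base,
  ];
  $elements['sources'] = [
    '#type' => 'textarea',
    '#title' => 'Additional sources',
    '#default_value' => $stored_sources,
    // Visible only when the base policy is empty ('none') or 'self'.
    // Assumes the radios render with name="base" (no #tree nesting).
    '#states' => [
      'visible' => [
        [':input[name="base"]' => ['value' => 'none']],
        'or',
        [':input[name="base"]' => ['value' => 'self']],
      ],
    ],
  ];
  return $elements;
}

/** Save-handler step: map submitted values back to the stored form. */
function example_policy_normalize(array $values): array {
  // Translate the placeholder key back to the empty stored value.
  $base = $values['base'] === 'none' ? '' : $values['base'];
  // #states only hides the field in the browser, so a hidden field can
  // still submit a value; discard sources server-side when base is 'any'.
  $sources = $base === 'any' ? '' : trim($values['sources'] ?? '');
  return ['base' => $base, 'sources' => $sources];
}

// Constructed sample submissions.
var_export(example_policy_normalize(['base' => 'none', 'sources' => 'https://example.com']));
var_export(example_policy_normalize(['base' => 'any', 'sources' => 'https://example.com']));
```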

  • gapple committed ddd1326 on 1.0.x
    Issue #3216637: Only show additional sources field for empty or self...

Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.