When adding allowed sources, it limits you to 128 characters. I need to add more allowed sources and that limit is keeping me from doing so. Feel like that limit is too constrictive and needs to be updated to allow more. Might be better and easier to read to convert those fields to a textarea so their not limited (https://api.drupal.org/api/drupal/developer!topics!forms_api_reference.h...).

Forgive me if I did anything wrong here, first patch I've ever committed and fairly new to Drupal.

Members fund testing for the Drupal project. Drupal Association Learn more


bmarshall’s picture

Issue summary: View changes
3.34 KB
wiifm’s picture

Version: 7.x-1.8 » 7.x-1.x-dev
5.05 KB

Had the same issue, I do however think that a textarea will make it hard to author, as undoubtedly someone will place a newline character in there. Attached is a new patch that simply increases the maxlength of the field to 1024 characters (which I think will fit everyone's needs).

wiifm’s picture

Title: Maxlength of 128 characters is too restrictive » Increase maxlength of the CSP fields so that more domains can be added
Category: Feature request » Bug report

Also changing this to a bug report as this is actively preventing me from using the correct rules as they do not fit

jweowu’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

jweowu’s picture

Included in 7.x-1.9-rc1.

Please follow #2200671: 7.x-1.9 release candidate to track any additional release candidates prior to the stable release.

  • Commit 61339ac on 7.x-1.x, 8.x-1.x authored by wiifm, committed by jweowu:
    Issue #2150731 by bmarshall, wiifm: Increase maxlength of the CSP fields...
milodesc’s picture

For what it's worth, #2 applied cleanly to 6.x-1.7.

jweowu’s picture

Thanks milodesc, but I see:

$ git apply --verbose 2150731-increase-textfield-length.patch
Checking patch includes/seckit.form.inc...
error: while searching for:
  // CSP report-uri directive
  $form['seckit_xss']['csp']['report-uri'] = array(
    '#type' => 'textfield',
    '#default_value' => $options['seckit_xss']['csp']['report-uri'],
    '#title' => 'report-uri',
    '#description' => t('Specify a URL (relative to the Drupal root) to which user-agents will report CSP violations. Use the default value, unless you have set up an alternative handler f
or these reports. Defaults to admin/config/system/seckit/csp-report which logs the report data in watchdog.'),                                                                

error: patch failed: includes/seckit.form.inc:136
error: includes/seckit.form.inc: patch does not apply
milodesc’s picture

Whoops. You're right. There was a difference between the D6 and D7 versions of the module in the '#description' value for $form['seckit_xss']['csp']['report-uri'] that was throwing off the patch application.

The new attached patch should work.

jweowu’s picture