Inside http_response_headers.install file, in the line 24, this if operation is wrong:
$strict_transport_security instanceof ResponseHeaderInterface
Is wrong because according PHP documentation http://php.net/manual/en/internals2.opcodes.instanceof.php, When checking instanceof against a class that implements a interface, it will return true.

inside ResponseHeader.php, the class ResponseHeader implements ResponseHeaderInterface

CommentFileSizeAuthor
#4 invalid-content-security-policy-check--3014523.patch945 bytesMykolaVeryha

Comments

pierre@edumobi.com.br created an issue. See original summary.

pierre@edumobi.com.br’s picture

pierre@edumobi.com.br commented

This bug still presents in 8.x-2.x version as well

gapple’s picture

gapple
he/they
Primary language English
commented
Issue tags: -Content Security Policy, -http header

It looks like the intent of the if statement is to 1. check that a header is configured 2. that it implements the expected interface and 3. that it has a non-empty value.

Checking against the interface is correct, but in this case should be negated: !($strict_transport_security instanceof ResponseHeaderInterface). It is probably superfluous though, since the entity manager should only return entities of the expected type.

MykolaVeryha’s picture

MykolaVeryha commented
StatusFileSize
new invalid-content-security-policy-check--3014523.patch945 bytes
minnur’s picture

minnur commented
Status: Active » Fixed
minnur’s picture

minnur commented

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.