Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
- Log in or register to create an issue
- Advanced search
Title | Status | Priority | Category | Version | Component | Replies | Last updated | Assigned to | Created |
---|---|---|---|---|---|---|---|---|---|
Content-Security-Policy: The page’s settings blocked the loading of a resource at blob: (“default-src”). | Active | Normal | Support request | 8.x-1.x-dev | Code | 2 | 2 weeks 6 hours | 2 weeks 4 days | |
Add CSP entries on a per page basis | Active | Normal | Feature request | 2.x-dev | Code | 4 | 2 weeks 6 hours | 2 weeks 6 days | |
Automated Drupal 11 compatibility fixes for csp | Needs review | Normal | Task | 8.x-1.x-dev | Code | 2 | 2 weeks 5 days | 2 weeks 5 days | |
Add helper for safely appending nonce/hash sources | Needs review | Normal | Feature request | 8.x-1.x-dev | Code | 6 | 2 weeks 5 days | gapple | 4 months 2 days |
Remove X-Frame-Options Header | Active | Minor | Task | 2.x-dev | Code | 1 | 2 weeks 6 days | 2 weeks 6 days | |
Provide a README | Needs review | Normal | Task | 8.x-1.x-dev | Code | 11 | 1 month 5 days | 1 year 2 months | |
Enable conditional/alternate directive values | Active | Normal | Feature request | 2.x-dev | Code | 3 | 2 months 1 week | 5 months 3 weeks | |
Provides a filter to add nonce attribute to inline scripts. | Needs work | Normal | Feature request | 8.x-1.x-dev | Code | 3 | 2 months 1 week | 3 months 2 weeks | |
Create script-src from script-src-attr and script-src-elem | Postponed | Normal | Feature request | 2.x-dev | Code | 5 | 3 months 5 days | 4 years 4 months | |
Drop support for Drupal 10.0 | Postponed | Normal | Task | 2.x-dev | Code | 4 | 3 months 5 days | 4 months 1 week | |
Use Choice config validation constraint | Postponed | Minor | Task | 2.x-dev | Code | 8 | 3 months 5 days | 8 months 3 weeks | |
Remove supression of 'none' behaviour deprecation warning | Active | Normal | Task | 8.x-1.x-dev | Code | 3 | 3 months 5 days | 3 months 5 days | |
Only add header to relevant responses | Needs work | Normal | Task | 2.x-dev | Code | 6 | 3 months 5 days | 5 years 5 months | |
Copy configuration between report-only and enforced | Active | Minor | Feature request | 2.x-dev | Code | 4 | 3 months 5 days | 5 years 9 months | |
Provide different CSP policy for private files | Active | Normal | Feature request | 2.x-dev | Code | 2 | 3 months 5 days | 3 years 8 months | |
Improve handling of sources from libraries | Active | Normal | Plan | 2.x-dev | Code | 2 | 3 months 5 days | 5 months 4 days | |
CSP 2.0 | Active | Normal | Plan | 2.x-dev | Code | 6 | 3 months 5 days | 5 years 4 months | |
Deprecate Site Log reporting handler | Postponed | Normal | Task | 2.x-dev | Code | 3 | 3 months 5 days | 5 years 4 months | |
Remove code for Firefox bug 1313937 | Postponed | Normal | Task | 2.x-dev | Code | 2 | 3 months 5 days | 3 months 3 weeks | |
Improve default config | Active | Normal | Task | 8.x-1.x-dev | Code | 4 | 3 months 2 weeks | 9 months 3 weeks | |
Support 'inline-speculation-rules' keyword | Active | Normal | Task | 8.x-1.x-dev | Code | 1 | 3 months 3 weeks | 3 months 3 weeks | |
Add setting for pretty printing violoation reports in the log | Active | Normal | Feature request | 8.x-1.x-dev | Code | 7 | 3 months 3 weeks | 10 months 2 days | |
Missing style-src-attr unsafe-inline on Views edit page | Postponed (maintainer needs more info) | Normal | Bug report | 8.x-1.x-dev | Code | 2 | 4 months 1 day | 2 years 5 months | |
Implementation of hook_help() in module file | Needs work | Normal | Task | 8.x-1.x-dev | Code | 5 | 4 months 1 day | 1 year 2 weeks | |
Use full file path for external library sources | Needs work | Normal | Feature request | 8.x-1.x-dev | Code | 6 | 4 months 1 day | 2 years 2 months | |
Cache CSP header for dynamic requests | Needs work | Normal | Feature request | 8.x-1.x-dev | Code | 6 | 4 months 1 day | 1 year 4 months | |
CSP headers are overflowing when in maintenance mode (throws error 502) | Needs work | Normal | Feature request | 8.x-1.x-dev | Code | 4 | 4 months 3 weeks | 5 months 1 day | |
Recommended way to add all Google supported domains for GA audience image | Active | Normal | Support request | 8.x-1.x-dev | Code | 6 | 4 months 3 weeks | 5 months 4 days | |
Better CSP support for themes | Active | Normal | Plan | 8.x-1.x-dev | Code | 5 | 5 months 1 week | 5 months 1 week | |
Allow script / style by nonce | Postponed | Normal | Feature request | 8.x-1.x-dev | Code | 13 | 5 months 2 weeks | 4 years 6 months | |
Make auto sources configurable | Reviewed & tested by the community | Normal | Feature request | 8.x-1.x-dev | Code | 12 | 6 months 3 weeks | 2 years 3 months | |
Provide help text on how to handle scheme sources like "blob:" | Active | Normal | Feature request | 8.x-1.x-dev | Documentation | 1 | 8 months 5 days | 8 months 5 days | |
Add utility methods for adding CSP information | Needs review | Normal | Feature request | 8.x-1.x-dev | Code | 4 | 2 years 4 months | 2 years 5 months |