Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.- Log in or register to create an issue
- Advanced search
| Title | Status | Priority | Category | Version | Component | Replies |
Last updated |
Assigned to | Created |
|---|---|---|---|---|---|---|---|---|---|
| Add Permissions Policy to configurable options | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | Code | 39 | 2 days 23 hours | 5 years 6 months | |
| text about drupal 6 | Needs review | Minor | Bug report | 2.0.3 | Documentation | 5 | 4 days 10 hours | 6 months 3 weeks | |
| [META] Roadmap to new release | Active | Normal | Feature request | 2.x-dev | Code | 2 | 4 days 10 hours | 2 months 1 week | |
| Avoid using document.write('<!--'); | Reviewed & tested by the community | Normal | Task | 2.x-dev | Code | 42 | 2 weeks 14 hours | 5 years 4 months | |
| Breaks sitemap.xml when JS +CSS + Noscript protection is enabled | Needs review | Normal | Bug report | 2.0.0 | Code | 11 | 2 weeks 17 hours | 4 years 12 months | |
| Add support for the CSP worker-src directive | Reviewed & tested by the community | Normal | Feature request | 2.0.3 | Code | 9 | 2 weeks 1 day | 2 years 2 months | |
| Implement a "semi automatic" Nonce settings | Needs review | Normal | Feature request | 2.x-dev | Miscellaneous | 30 | 1 month 1 week | 4 years 7 months | |
| Add form-action directive | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | Code | 23 | 1 month 3 weeks | 4 years 12 months | |
| Add Tugboat support | Needs review | Normal | Task | 2.x-dev | Code | 3 | 2 months 1 week | 2 months 1 week | |
| fix gaps in automated test coverage | Needs review | Normal | Task | 2.0.3 | Code | 3 | 2 months 2 weeks | 2 months 2 weeks | |
| Add missing config schema definitions for X-XSS-Protection options in Seckit | Reviewed & tested by the community | Normal | Bug report | 2.0.3 | Code | 3 | 2 months 2 weeks | 5 months 3 weeks | |
| Support for configuring script-src-elem | Active | Normal | Feature request | 2.x-dev | Code | 6 | 2 months 3 weeks | 1 year 2 months | |
| ALLOW-FROM directive in x-frame-options is obsolete | Active | Normal | Bug report | 2.0.0 | Code | 5 | 3 months 3 days | 3 years 6 months | |
| Add support for the Cross-Origin-Opener-Policy (COOP) header | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | Code | 6 | 3 months 3 weeks | 11 months 14 hours | |
| Remove the term whitelist* from the module | Needs review | Normal | Task | 2.0.3 | Code | 13 | 4 months 18 hours | 10 months 3 days | |
| Add trusted-type and require-trusted-type-for directives to the CSP | Needs review | Normal | Feature request | 2.x-dev | Code | 3 | 4 months 1 week | 4 months 1 week | |
| Support flood control for CSP violation reports | Needs work | Major | Task | 8.x-1.x-dev | Code | 66 | 4 months 2 weeks | kmoll | 10 years 2 months |
| Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML | Needs work | Normal | Bug report | 2.x-dev | Code | 24 | 4 months 3 weeks | 6 years 11 months | |
| noscript in head tag causing HTML Validation issues | Active | Major | Bug report | 2.0.0 | Code | 2 | 4 months 3 weeks | 4 years 2 weeks | |
| report-uri is deprecated | Needs work | Normal | Bug report | 2.x-dev | Code | 14 | 5 months 1 week | 3 years 1 month | |
| Add manifest-src | Needs work | Normal | Feature request | 2.0.0 | Code | 4 | 5 months 1 week | 5 years 2 months | |
| The base-uri policy is missing | Needs review | Normal | Bug report | 2.x-dev | Code | 42 | 5 months 1 week | 6 years 6 months | |
| Update CSP directives | Needs review | Normal | Feature request | 2.x-dev | Code | 10 | 7 months 2 weeks | 8 years 8 months | |
| JavaScript + CSS + Noscript protection can cause Javascript errors | Active | Normal | Bug report | 2.x-dev | Code | 2 | 8 months 18 hours | 8 months 18 hours | |
| CSP: Directive script-src-elem violated with googletagmanager | Reviewed & tested by the community | Normal | Support request | 2.x-dev | Code | 22 | 8 months 5 days | 5 years 2 months | |
| cspell issues reported in pipeline | Active | Normal | Task | 2.x-dev | Code | 4 | 10 months 3 days | 10 months 3 weeks | |
| Implement the script-src-attr policy | Needs review | Normal | Feature request | 2.x-dev | Code | 7 | 12 months 4 days | 4 years 2 months | |
| User interface improvements | Active | Minor | Feature request | 2.0.3 | User interface | 4 | 1 year 2 weeks | 1 year 1 month | |
| Extend length of src fields | Needs review | Major | Feature request | 2.0.0 | Code | 9 | 1 year 4 weeks | 5 years 2 months | |
| default-src has wrong description | Needs review | Major | Bug report | 2.x-dev | Documentation | 17 | 1 year 3 months | 5 years 4 months | |
| How to add all google tlds for CSP | Active | Normal | Support request | 2.0.0 | User interface | 10 | 1 year 3 months | 4 years 7 hours | |
| Google URL's are blocked. | Active | Major | Support request | 2.0.1 | Miscellaneous | 5 | 1 year 3 months | 2 years 4 months | |
| Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files. | Needs work | Normal | Bug report | 2.x-dev | Code | 9 | 1 year 6 months | 2 years 1 month | |
| "Directive style-src-elem violated." | Needs review | Normal | Feature request | 7.x-1.x-dev | Code | 23 | 1 year 6 months | 5 years 9 months | |
| Allow certain paths to be excluded from the Origin check (patch included) | Needs review | Normal | Feature request | 2.0.0 | Code | 4 | 1 year 6 months | 5 years 3 months | |
| Add worker-src | Reviewed & tested by the community | Normal | Feature request | 7.x-1.x-dev | Code | 12 | 1 year 6 months | 3 years 10 months | |
| Dispatch an event when there is a CSP violation | Needs review | Normal | Feature request | 2.x-dev | Code | 3 | 1 year 6 months | 1 year 6 months | |
| Missing container invalidation update from issue modifying services | Active | Normal | Bug report | 2.x-dev | Code | 8 | 1 year 8 months | 1 year 9 months | |
| Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set | Needs review | Normal | Bug report | 2.0.1 | Code | 9 | 1 year 8 months | 2 years 5 months | |
| Provide hook_seckit_options_alter() D8 | Needs review | Major | Feature request | 2.0.3 | Code | 26 | 1 year 8 months | 9 years 4 months | |
| Update summary on project page for compatibility with Project Browser | Active | Normal | Task | 2.0.3 | Miscellaneous | 1 | 1 year 8 months | 1 year 8 months | |
| Update logo for compatibility with Project Browser | Active | Normal | Task | 2.0.3 | Miscellaneous | 1 | 1 year 8 months | 1 year 8 months | |
| Modernize services: Add autowiring aliases, use autoconfigure, etc | Needs review | Normal | Task | 2.x-dev | Code | 6 | 1 year 9 months | 1 year 9 months | |
| Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on | Active | Normal | Bug report | 2.0.1 | Code | 2 | 1 year 9 months | hetalsagar | 1 year 9 months |
| Silent mode for CSP reporting | Active | Normal | Feature request | 2.x-dev | Code | 4 | 1 year 9 months | 4 years 1 month | |
| Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts | Needs review | Normal | Feature request | 2.x-dev | Code | 13 | 1 year 9 months | 2 years 7 months | |
| Drupal 9.1 Deprecated Code Report | Reviewed & tested by the community | Normal | Task | 2.x-dev | Code | 17 | 2 years 22 hours | sourabhjain | 5 years 5 months |
| Question about HSTS max-age | Active | Normal | Support request | 2.0.1 | Miscellaneous | 2 | 2 years 1 week | 2 years 2 months | |
| Add phpcs and drupal-check fixes | Needs review | Normal | Task | 2.x-dev | Code | 34 | 2 years 1 month | 4 years 3 months | |
| t() calls should be avoided in classes. | Needs review | Normal | Task | 2.0.1 | Code | 2 | 2 years 3 months | 2 years 3 months |
Pages
Subscribe with RSS 