Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.- Log in or register to create an issue
- Advanced search
| Title | Status | Priority | Category | Version | Component | Replies |
Last updated |
Assigned to | Created |
|---|---|---|---|---|---|---|---|---|---|
| text about drupal 6 | Needs review | Minor | Bug report | 2.0.3 | Documentation | 5 | 4 days 39 min | 6 months 3 weeks | |
| Breaks sitemap.xml when JS +CSS + Noscript protection is enabled | Needs review | Normal | Bug report | 2.0.0 | Code | 11 | 2 weeks 7 hours | 4 years 12 months | |
| Add missing config schema definitions for X-XSS-Protection options in Seckit | Reviewed & tested by the community | Normal | Bug report | 2.0.3 | Code | 3 | 2 months 2 weeks | 5 months 3 weeks | |
| ALLOW-FROM directive in x-frame-options is obsolete | Active | Normal | Bug report | 2.0.0 | Code | 5 | 3 months 2 days | 3 years 6 months | |
| Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML | Needs work | Normal | Bug report | 2.x-dev | Code | 24 | 4 months 3 weeks | 6 years 11 months | |
| noscript in head tag causing HTML Validation issues | Active | Major | Bug report | 2.0.0 | Code | 2 | 4 months 3 weeks | 4 years 2 weeks | |
| report-uri is deprecated | Needs work | Normal | Bug report | 2.x-dev | Code | 14 | 5 months 6 days | 3 years 1 month | |
| The base-uri policy is missing | Needs review | Normal | Bug report | 2.x-dev | Code | 42 | 5 months 1 week | 6 years 6 months | |
| JavaScript + CSS + Noscript protection can cause Javascript errors | Active | Normal | Bug report | 2.x-dev | Code | 2 | 8 months 8 hours | 8 months 8 hours | |
| default-src has wrong description | Needs review | Major | Bug report | 2.x-dev | Documentation | 17 | 1 year 3 months | 5 years 4 months | |
| Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files. | Needs work | Normal | Bug report | 2.x-dev | Code | 9 | 1 year 6 months | 2 years 1 month | |
| Missing container invalidation update from issue modifying services | Active | Normal | Bug report | 2.x-dev | Code | 8 | 1 year 8 months | 1 year 9 months | |
| Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set | Needs review | Normal | Bug report | 2.0.1 | Code | 9 | 1 year 8 months | 2 years 5 months | |
| Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on | Active | Normal | Bug report | 2.0.1 | Code | 2 | 1 year 9 months | hetalsagar | 1 year 9 months |
| Fix D7 Forms API syntax | Reviewed & tested by the community | Normal | Bug report | 7.x-1.x-dev | Code | 4 | 2 years 4 months | 2 years 10 months | |
| Deprecated Feature Used Expect-CT header | Needs review | Normal | Bug report | 2.x-dev | Code | 3 | 3 years 1 week | 3 years 7 months | |
| Strict-Transport-Security is not changing | Active | Major | Bug report | 2.0.1 | Code | 1 | 3 years 1 month | 3 years 1 month | |
| CSP policy-uri field does nothing | Active | Normal | Bug report | 2.x-dev | Code | 3 | 3 years 9 months | 3 years 9 months | |
| Problems with redirect www to non-www | Active | Normal | Bug report | 2.0.0 | Code | 1 | 3 years 9 months | 3 years 9 months | |
| Settings admin page broken | Active | Normal | Bug report | 2.0.0 | Miscellaneous | 2 | 4 years 6 months | 4 years 9 months | |
| Update Manager Looking for Branch 2.0.x-dev | Needs review | Normal | Bug report | 2.x-dev | Code | 2 | 4 years 7 months | 4 years 7 months | |
| Missing module dependency, required for install from existing config | Needs review | Minor | Bug report | 2.x-dev | Code | 3 | 4 years 9 months | 4 years 9 months | |
| Seckit should invalidate cached pages when configuration changes | Active | Normal | Bug report | 2.0.0 | Code | 1 | 5 years 2 months | 5 years 2 months | |
| Dead link on the Configure the X-Frame-Options HTTP header section | Needs review | Minor | Bug report | 8.x-1.x-dev | Miscellaneous | 3 | 5 years 2 months | barone | 5 years 2 months |
| HSTS Over HTTP | Active | Minor | Bug report | 2.0.0 | Code | 3 | 5 years 4 months | 5 years 4 months | |
| JavaScript + CSS + Noscript protection still valid? | Needs work | Major | Bug report | 7.x-1.x-dev | Code | 19 | 5 years 5 months | 10 years 5 months | |
| Increase the field length for csp child-src and frame-src | Active | Normal | Bug report | 8.x-1.0-alpha1 | Code | 3 | 5 years 6 months | 6 years 11 months | |
| Performance Issue | Active | Major | Bug report | 8.x-1.2 | Code | 7 | 5 years 8 months | 5 years 12 months | |
| Multiple domain Allow-From header is incorrect - Warning: Header may not contain more than a single header, new line detected in Symfony\Component\HttpFoundation\Response->sendHeaders() | Active | Normal | Bug report | 8.x-1.x-dev | Code | 4 | 6 years 8 months | 8 years 4 months | |
| comment not closed in test | Active | Normal | Bug report | 8.x-1.2 | Code | 2 | 6 years 8 months | 6 years 8 months | |
| Add support for "1; report=<reporting-URI>" to X-XSS-Protection | Active | Minor | Bug report | 8.x-1.x-dev | Code | 4 | 6 years 10 months | 7 years 2 months | |
| Null request object in response listener in SecKitEventSubscriber | Postponed (maintainer needs more info) | Normal | Bug report | 8.x-1.x-dev | Code | 3 | 7 years 3 months | 7 years 3 months | |
| get null setting on seckit_clickjacking.x_frame | Active | Normal | Bug report | 8.x-1.1 | Code | 1 | 7 years 6 months | 7 years 6 months | |
| SyntaxError: missing } after function body | Active | Normal | Bug report | 7.x-1.9 | Code | 3 | 7 years 9 months | 7 years 9 months | |
| More clearly explain which CSP options allow 'unsafe-inline' or 'unsafe-eval' | Active | Normal | Bug report | 7.x-1.x-dev | Documentation | 3 | 8 years 11 months | 9 years 4 months | |
| "Enable JavaScript + CSS + Noscript protection" is not compatible with IE10 | Needs work | Normal | Bug report | 7.x-1.9 | Code | 13 | 9 years 3 weeks | 11 years 7 months | |
| Config schema has wrong type for x_frame config item | Active | Normal | Bug report | 8.x-1.x-dev | Code | 1 | 9 years 2 months | kmoll | 9 years 2 months |
| Exclude SecKit protection from LABjs | Needs review | Normal | Bug report | 7.x-1.x-dev | Code | 10 | 9 years 4 months | 10 years 6 months |
Subscribe with RSS 