Issues for Security Kit

Log in or register to create an issue
Advanced search

Version

Displaying 1 - 50 of 115

Title	Status	Priority	Category	Version	Component	Replies	Last updated	Assigned to	Created
CSP: Directive script-src-elem violated with googletagmanager	Reviewed & tested by the community	Normal	Support request	2.x-dev	Code	15	3 days 23 hours		3 years 3 days
Support flood control for CSP violation reports	Needs work	Major	Task	8.x-1.x-dev	Code	63	5 days 14 hours	kmoll	8 years 3 weeks
Permissions Policy Support	Needs work	Normal	Feature request	2.x-dev	Miscellaneous	10	1 week 1 day		3 years 2 months
Provide hook_seckit_options_alter() D8	Reviewed & tested by the community	Major	Feature request	2.x-dev	Code	20	1 week 1 day		7 years 3 months
Avoid using document.write('<!--');	Needs review	Normal	Task	2.x-dev	Code	25	1 week 5 days		3 years 2 months
Add worker-src	Active	Normal	Feature request	2.0.1	Code	2	2 weeks 6 days		2 weeks 6 days
Automated Drupal 11 compatibility fixes for seckit	Needs review	Normal	Task	2.0.1	Code	3	3 weeks 1 day		3 weeks 1 day
Question about HSTS max-age	Active	Normal	Support request	2.0.1	Miscellaneous	1	3 weeks 4 days		3 weeks 4 days
t() calls should be avoided in classes.	Needs review	Normal	Task	2.0.1	Code	2	1 month 5 days		1 month 5 days
Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts	Needs review	Normal	Feature request	2.x-dev	Code	11	1 month 6 days		6 months 2 days
\Drupal calls should be avoided in classes, use dependency injection instead	Needs review	Normal	Task	2.0.1	Code	2	1 month 6 days		1 month 6 days
Breaks sitemap.xml when JS +CSS + Noscript protection is enabled	Needs review	Normal	Bug report	2.0.0	Code	6	1 month 1 week		2 years 10 months
Add phpcs and drupal-check fixes	Needs review	Normal	Task	2.x-dev	Code	32	1 month 1 week		2 years 1 month
Change Feature Policy to Permissions Policy (D8/D9)	Needs work	Normal	Feature request	2.x-dev	Code	26	2 months 2 hours		3 years 4 months
Add Gitlab CI	Needs work	Normal	Task	2.x-dev	Code	4	2 months 2 days		2 months 1 week
Misleading recommendation for CSP directive "frame-src"	Reviewed & tested by the community	Normal	Task	7.x-1.x-dev	Documentation	4	2 months 1 week		12 months 3 days
Fix D7 Forms API syntax	Reviewed & tested by the community	Normal	Bug report	7.x-1.x-dev	Code	4	2 months 1 week		8 months 3 weeks
Google URL's are blocked.	Active	Major	Support request	2.0.1	Miscellaneous	1	2 months 2 weeks		2 months 2 weeks
Add support for setting referer policy from route in issue #3027122	Needs work	Normal	Feature request	2.x-dev	Code	3	2 months 3 weeks	gordon	2 years 8 months
Lottie files / base64 encoding	Active	Normal	Support request	7.x-1.11	Miscellaneous	2	2 months 4 weeks		1 year 1 month
Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set	Needs review	Normal	Bug report	2.0.1	Code	4	3 months 1 day		3 months 3 days
Add form-action directive	Needs review	Normal	Feature request	2.0.0	Code	18	3 months 1 week		2 years 10 months
Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object	Active	Critical	Support request	2.0.1	Code	5	4 months 3 days		5 months 1 week
Add a reference to csp_log in documentation	Active	Minor	Task	2.0.1	Documentation	1	4 months 2 weeks		4 months 2 weeks
Drupal calls should be avoided in classes, use dependency injection instead	Needs review	Normal	Task	2.0.0	Code	5	5 months 1 week		5 months 2 weeks
How to set httpOnly flag on cookies?	Needs review	Normal	Support request	2.0.1	Documentation	5	5 months 2 weeks		5 months 2 weeks
Drupal 9.1 Deprecated Code Report	Needs review	Normal	Task	2.x-dev	Code	16	8 months 2 weeks	sourabhjain	3 years 3 months
default-src has wrong description	Needs work	Major	Bug report	2.x-dev	Documentation	14	8 months 2 weeks		3 years 2 months
report-uri is deprecated	Active	Normal	Bug report	2.0.1	Code	3	8 months 3 weeks		11 months 4 weeks
Implement a "semi automatic" Nonce settings	Needs work	Normal	Feature request	2.0.0	Miscellaneous	19	8 months 3 weeks		2 years 5 months
The base-uri policy is missing	Needs review	Normal	Bug report	2.x-dev	Code	35	8 months 3 weeks		4 years 4 months
Add support for form-action CSP directive	Active	Normal	Feature request	7.x-1.x-dev	Code	3	8 months 3 weeks		6 years 3 months
"Directive style-src-elem violated."	Needs review	Normal	Feature request	7.x-1.x-dev	Code	16	8 months 3 weeks		3 years 7 months
Add worker-src	Needs review	Normal	Feature request	7.x-1.x-dev	Code	11	8 months 3 weeks		1 year 8 months
Remove type="text/javascript" from <script> tag	Needs review	Normal	Task	2.0.1	Code	6	9 months 3 weeks		9 months 4 weeks
Deprecated Feature Used Expect-CT header	Needs review	Normal	Bug report	2.x-dev	Code	3	10 months 2 weeks		1 year 5 months
Update CSP directives	Needs review	Normal	Feature request	2.0.1	Code	6	11 months 3 weeks		6 years 6 months
Extend length of src fields	Needs review	Major	Feature request	2.0.0	Code	6	11 months 3 weeks		3 years 2 weeks
Add manifest-src	Active	Normal	Feature request	2.0.0	Code	2	12 months 3 days		3 years 2 weeks
Add 'Disable Security Kit' option back	Active	Normal	Feature request	2.x-dev	User interface	1	12 months 4 days		12 months 4 days
Strict-Transport-Security is not changing	Active	Major	Bug report	2.0.1	Code	1	1 year 5 hours		1 year 5 hours
ALLOW-FROM directive in x-frame-options is obsolete	Active	Normal	Bug report	2.0.0	Code	3	1 year 2 weeks		1 year 5 months
Offering to maintain Security Kit	Active	Normal	Support request	2.x-dev	Miscellaneous	10	1 year 1 month		1 year 4 months
Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML	Needs work	Normal	Bug report	2.x-dev	Code	22	1 year 1 month		4 years 9 months
Deprecate / Remove Content Security Policy configuration in favour of Content Security Policy module	Active	Normal	Plan	8.x-1.x-dev	Code	4	1 year 2 months		5 years 10 months
Reverse proxies and load balancers can add security headers too. Document that fact in the UI.	Active	Normal	Task	2.x-dev	User interface	2	1 year 3 months		1 year 3 months
How to add all google tlds for CSP	Active	Normal	Support request	2.0.0	User interface	8	1 year 4 months		1 year 10 months
CSP policy-uri field does nothing	Active	Normal	Bug report	2.x-dev	Code	3	1 year 7 months		1 year 7 months
Problems with redirect www to non-www	Active	Normal	Bug report	2.0.0	Code	1	1 year 7 months		1 year 7 months
Cross Origin Frame Issue	Active	Major	Support request	2.x-dev	Documentation	2	1 year 8 months		1 year 8 months

Pages

Subscribe with RSS