Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.- Log in or register to create an issue
- Advanced search
| Title | Status | Priority | Category | Version | Component | Replies |
Last updated |
Assigned to | Created |
|---|---|---|---|---|---|---|---|---|---|
| text about drupal 6 | Needs review | Minor | Bug report | 2.0.3 | Documentation | 5 | 10 hours 8 min | 6 months 2 weeks | |
| Breaks sitemap.xml when JS +CSS + Noscript protection is enabled | Needs review | Normal | Bug report | 2.0.0 | Code | 11 | 1 week 3 days | 4 years 11 months | |
| Add missing config schema definitions for X-XSS-Protection options in Seckit | Reviewed & tested by the community | Normal | Bug report | 2.0.3 | Code | 3 | 2 months 2 weeks | 5 months 3 weeks | |
| ALLOW-FROM directive in x-frame-options is obsolete | Active | Normal | Bug report | 2.0.0 | Code | 5 | 2 months 4 weeks | 3 years 6 months | |
| Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML | Needs work | Normal | Bug report | 2.x-dev | Code | 24 | 4 months 2 weeks | 6 years 11 months | |
| noscript in head tag causing HTML Validation issues | Active | Major | Bug report | 2.0.0 | Code | 2 | 4 months 2 weeks | 4 years 2 weeks | |
| report-uri is deprecated | Needs work | Normal | Bug report | 2.x-dev | Code | 14 | 5 months 3 days | 3 years 1 month | |
| The base-uri policy is missing | Needs review | Normal | Bug report | 2.x-dev | Code | 42 | 5 months 3 days | 6 years 6 months | |
| JavaScript + CSS + Noscript protection can cause Javascript errors | Active | Normal | Bug report | 2.x-dev | Code | 2 | 7 months 3 weeks | 7 months 3 weeks | |
| default-src has wrong description | Needs review | Major | Bug report | 2.x-dev | Documentation | 17 | 1 year 3 months | 5 years 4 months | |
| Seckit doesn´t work for Images, CSS, JS | Closed (works as designed) | Normal | Bug report | 2.0.3 | Code | 5 | 1 year 4 months | 1 year 4 months | |
| Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files. | Needs work | Normal | Bug report | 2.x-dev | Code | 9 | 1 year 5 months | 2 years 1 month | |
| Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on | Closed (fixed) | Normal | Bug report | 2.0.2 | Code | 15 | 1 year 7 months | hetalsagar | 1 year 9 months |
| Missing container invalidation update from issue modifying services | Active | Normal | Bug report | 2.x-dev | Code | 8 | 1 year 8 months | 1 year 9 months | |
| Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set | Needs review | Normal | Bug report | 2.0.1 | Code | 9 | 1 year 8 months | 2 years 4 months | |
| php error | Closed (duplicate) | Normal | Bug report | 2.0.3 | Code | 2 | 1 year 8 months | ngruendel | 1 year 8 months |
| Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on | Active | Normal | Bug report | 2.0.1 | Code | 2 | 1 year 9 months | hetalsagar | 1 year 9 months |
| No values in X-XSS-Protection Header select box | Closed (fixed) | Minor | Bug report | 2.x-dev | User interface | 20 | 1 year 11 months | 7 years 12 months | |
| Fix D7 Forms API syntax | Reviewed & tested by the community | Normal | Bug report | 7.x-1.x-dev | Code | 4 | 2 years 4 months | 2 years 10 months | |
| JS/CSS/Noscript code gets added twice to head on 404/403 pages | Closed (fixed) | Normal | Bug report | 2.x-dev | Code | 9 | 2 years 10 months | 6 years 6 months | |
| Minor Typo in SecKitEventSubscriber.php File | Closed (fixed) | Normal | Bug report | 2.x-dev | Code | 11 | 2 years 10 months | 5 years 5 months | |
| seckit/listener library incorrectly defined | Closed (fixed) | Normal | Bug report | 2.x-dev | Code | 4 | 2 years 10 months | 2 years 10 months | |
| style-src key missing in seckit.settings.yml | Closed (fixed) | Minor | Bug report | 2.x-dev | Code | 7 | 2 years 10 months | 2 years 12 months | |
| Illegal choice 0 in Configure element. | Closed (duplicate) | Normal | Bug report | 2.x-dev | Code | 8 | 2 years 10 months | 5 years 10 months | |
| Deprecated Feature Used Expect-CT header | Needs review | Normal | Bug report | 2.x-dev | Code | 3 | 3 years 1 week | 3 years 7 months | |
| Expect-CT is deprecated; provide a warning or remove | Closed (duplicate) | Normal | Bug report | 2.x-dev | Code | 2 | 3 years 1 week | 3 years 4 months | |
| Strict-Transport-Security is not changing | Active | Major | Bug report | 2.0.1 | Code | 1 | 3 years 1 month | 3 years 1 month | |
| Blocked URI missing/empty in log entries | Closed (works as designed) | Normal | Bug report | 7.x-1.9 | Code | 6 | 3 years 2 months | 12 years 3 weeks | |
| Missing Strict-Transport-Security header | Closed (works as designed) | Normal | Bug report | 8.x-1.x-dev | Code | 4 | 3 years 2 months | 7 years 1 month | |
| CSP policy-uri field does nothing | Active | Normal | Bug report | 2.x-dev | Code | 3 | 3 years 8 months | 3 years 9 months | |
| Problems with redirect www to non-www | Active | Normal | Bug report | 2.0.0 | Code | 1 | 3 years 9 months | 3 years 9 months | |
| hook_seckit_options_alter not working | Closed (fixed) | Normal | Bug report | 7.x-1.x-dev | Code | 8 | 4 years 3 months | 10 years 11 months | |
| frame-ancestors not working? | Closed (outdated) | Normal | Bug report | 7.x-1.x-dev | Code | 3 | 4 years 4 months | 8 years 7 months | |
| Settings admin page broken | Active | Normal | Bug report | 2.0.0 | Miscellaneous | 2 | 4 years 6 months | 4 years 9 months | |
| Remove X-Content-Type-Options as core now emits that header | Closed (fixed) | Normal | Bug report | 8.x-1.x-dev | Code | 23 | 4 years 7 months | 8 years 2 months | |
| Update Manager Looking for Branch 2.0.x-dev | Needs review | Normal | Bug report | 2.x-dev | Code | 2 | 4 years 7 months | 4 years 7 months | |
| Missing module dependency, required for install from existing config | Needs review | Minor | Bug report | 2.x-dev | Code | 3 | 4 years 9 months | 4 years 9 months | |
| Module working fine in DEV and TEST but not in LIVE | Closed (cannot reproduce) | Normal | Bug report | 7.x-1.11 | User interface | 3 | 5 years 1 month | rony.j.samuel | 6 years 6 months |
| Seckit should invalidate cached pages when configuration changes | Active | Normal | Bug report | 2.0.0 | Code | 1 | 5 years 2 months | 5 years 2 months | |
| Dead link on the Configure the X-Frame-Options HTTP header section | Needs review | Minor | Bug report | 8.x-1.x-dev | Miscellaneous | 3 | 5 years 2 months | barone | 5 years 2 months |
| HSTS Over HTTP | Active | Minor | Bug report | 2.0.0 | Code | 3 | 5 years 4 months | 5 years 4 months | |
| JavaScript + CSS + Noscript protection still valid? | Needs work | Major | Bug report | 7.x-1.x-dev | Code | 19 | 5 years 5 months | 10 years 5 months | |
| Increase the field length for csp child-src and frame-src | Active | Normal | Bug report | 8.x-1.0-alpha1 | Code | 3 | 5 years 6 months | 6 years 11 months | |
| Change core_version_requirement for 2.0.0 | Closed (works as designed) | Normal | Bug report | 2.x-dev | Code | 2 | 5 years 7 months | 5 years 7 months | |
| Performance Issue | Active | Major | Bug report | 8.x-1.2 | Code | 7 | 5 years 8 months | 5 years 11 months | |
| X-XSS-Protection header value doubled up | Closed (works as designed) | Normal | Bug report | 7.x-1.11 | Miscellaneous | 2 | 5 years 9 months | 5 years 9 months | |
| Maxlength of CSRF origin_whitelist field is arbitrarily small. | Closed (outdated) | Normal | Bug report | 7.x-1.x-dev | Code | 5 | 6 years 3 weeks | 6 years 7 months | |
| Multiple domain Allow-From header is incorrect - Warning: Header may not contain more than a single header, new line detected in Symfony\Component\HttpFoundation\Response->sendHeaders() | Active | Normal | Bug report | 8.x-1.x-dev | Code | 4 | 6 years 7 months | 8 years 4 months | |
| comment not closed in test | Active | Normal | Bug report | 8.x-1.2 | Code | 2 | 6 years 8 months | 6 years 8 months | |
| Add support for "1; report=<reporting-URI>" to X-XSS-Protection | Active | Minor | Bug report | 8.x-1.x-dev | Code | 4 | 6 years 10 months | 7 years 2 months |
Pages
Subscribe with RSS 