Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.- Log in or register to create an issue
- Advanced search
| Title | Status | Priority | Category | Version | Component | Replies |
Last updated |
Assigned to | Created |
|---|---|---|---|---|---|---|---|---|---|
| Add Permissions Policy to configurable options | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | Code | 39 | 3 days 14 hours | 5 years 6 months | |
| text about drupal 6 | Needs review | Minor | Bug report | 2.0.3 | Documentation | 5 | 5 days 1 hour | 6 months 3 weeks | |
| [META] Roadmap to new release | Active | Normal | Feature request | 2.x-dev | Code | 2 | 5 days 1 hour | 2 months 1 week | |
| Avoid using document.write('<!--'); | Reviewed & tested by the community | Normal | Task | 2.x-dev | Code | 42 | 2 weeks 1 day | 5 years 4 months | |
| Breaks sitemap.xml when JS +CSS + Noscript protection is enabled | Needs review | Normal | Bug report | 2.0.0 | Code | 11 | 2 weeks 1 day | 4 years 12 months | |
| Add support for the CSP worker-src directive | Closed (duplicate) | Normal | Feature request | 2.x-dev | Code | 6 | 2 weeks 2 days | 2 weeks 4 days | |
| Add support for the CSP worker-src directive | Reviewed & tested by the community | Normal | Feature request | 2.0.3 | Code | 9 | 2 weeks 2 days | 2 years 2 months | |
| Implement a "semi automatic" Nonce settings | Needs review | Normal | Feature request | 2.x-dev | Miscellaneous | 30 | 1 month 1 week | 4 years 7 months | |
| Add form-action directive | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | Code | 23 | 1 month 3 weeks | 4 years 12 months | |
| Add Tugboat support | Needs review | Normal | Task | 2.x-dev | Code | 3 | 2 months 1 week | 2 months 1 week | |
| Add support for form-action directive | Closed (duplicate) | Normal | Feature request | 2.x-dev | Code | 8 | 2 months 1 week | 1 year 1 month | |
| fix gaps in automated test coverage | Needs review | Normal | Task | 2.0.3 | Code | 3 | 2 months 2 weeks | 2 months 2 weeks | |
| Add missing config schema definitions for X-XSS-Protection options in Seckit | Reviewed & tested by the community | Normal | Bug report | 2.0.3 | Code | 3 | 2 months 2 weeks | 5 months 4 weeks | |
| Support for configuring script-src-elem | Active | Normal | Feature request | 2.x-dev | Code | 6 | 2 months 3 weeks | 1 year 2 months | |
| ALLOW-FROM directive in x-frame-options is obsolete | Active | Normal | Bug report | 2.0.0 | Code | 5 | 3 months 3 days | 3 years 6 months | |
| Add support for the Cross-Origin-Opener-Policy (COOP) header | Reviewed & tested by the community | Normal | Feature request | 2.x-dev | Code | 6 | 3 months 3 weeks | 11 months 1 day | |
| Remove the term whitelist* from the module | Needs review | Normal | Task | 2.0.3 | Code | 13 | 4 months 1 day | 10 months 4 days | |
| Add trusted-type and require-trusted-type-for directives to the CSP | Needs review | Normal | Feature request | 2.x-dev | Code | 3 | 4 months 1 week | 4 months 1 week | |
| Support flood control for CSP violation reports | Needs work | Major | Task | 8.x-1.x-dev | Code | 66 | 4 months 2 weeks | kmoll | 10 years 2 months |
| Offering to co-maintain SecKit | Closed (fixed) | Normal | Support request | 2.x-dev | Miscellaneous | 7 | 4 months 2 weeks | 5 months 1 week | |
| Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML | Needs work | Normal | Bug report | 2.x-dev | Code | 24 | 4 months 3 weeks | 6 years 11 months | |
| noscript in head tag causing HTML Validation issues | Active | Major | Bug report | 2.0.0 | Code | 2 | 4 months 3 weeks | 4 years 2 weeks | |
| report-uri is deprecated | Needs work | Normal | Bug report | 2.x-dev | Code | 14 | 5 months 1 week | 3 years 1 month | |
| Add manifest-src | Needs work | Normal | Feature request | 2.0.0 | Code | 4 | 5 months 1 week | 5 years 2 months | |
| The base-uri policy is missing | Needs review | Normal | Bug report | 2.x-dev | Code | 42 | 5 months 1 week | 6 years 6 months | |
| Missing CSP directives | Closed (duplicate) | Normal | Feature request | 2.x-dev | Code | 4 | 5 months 1 week | 8 months 3 weeks | |
| Add support for form-action CSP directive | Closed (duplicate) | Normal | Feature request | 7.x-1.x-dev | Code | 5 | 5 months 1 week | 8 years 5 months | |
| Update CSP directives | Needs review | Normal | Feature request | 2.x-dev | Code | 10 | 7 months 2 weeks | 8 years 8 months | |
| JavaScript + CSS + Noscript protection can cause Javascript errors | Active | Normal | Bug report | 2.x-dev | Code | 2 | 8 months 1 day | 8 months 1 day | |
| CSP: Directive script-src-elem violated with googletagmanager | Reviewed & tested by the community | Normal | Support request | 2.x-dev | Code | 22 | 8 months 6 days | 5 years 2 months | |
| Store each CSP rule on a seperate line in config | Closed (duplicate) | Normal | Feature request | 2.x-dev | Code | 3 | 8 months 3 weeks | 2 years 1 month | |
| cspell issues reported in pipeline | Active | Normal | Task | 2.x-dev | Code | 4 | 10 months 4 days | 10 months 3 weeks | |
| Implement the script-src-attr policy | Needs review | Normal | Feature request | 2.x-dev | Code | 7 | 1 year 3 hours | 4 years 2 months | |
| Need to exclude admin path from applying the policies | Closed (won't fix) | Normal | Feature request | 2.x-dev | Code | 12 | 1 year 2 weeks | 2 years 1 month | |
| User interface improvements | Active | Minor | Feature request | 2.0.3 | User interface | 4 | 1 year 2 weeks | 1 year 1 month | |
| Offering to maintain Security Kit | Closed (outdated) | Normal | Support request | 2.x-dev | Miscellaneous | 11 | 1 year 3 weeks | 3 years 6 months | |
| Extend length of src fields | Needs review | Major | Feature request | 2.0.0 | Code | 9 | 1 year 4 weeks | 5 years 2 months | |
| Add support for form-action directive | Closed (duplicate) | Normal | Feature request | 2.x-dev | Code | 7 | 1 year 1 month | 1 year 1 month | |
| default-src has wrong description | Needs review | Major | Bug report | 2.x-dev | Documentation | 17 | 1 year 3 months | 5 years 4 months | |
| How to add all google tlds for CSP | Active | Normal | Support request | 2.0.0 | User interface | 10 | 1 year 3 months | 4 years 22 hours | |
| Google URL's are blocked. | Active | Major | Support request | 2.0.1 | Miscellaneous | 5 | 1 year 3 months | 2 years 4 months | |
| Permissions Policy Support | Closed (duplicate) | Normal | Feature request | 2.x-dev | Miscellaneous | 11 | 1 year 4 months | 5 years 4 months | |
| Change Feature Policy to Permissions Policy | Closed (won't fix) | Major | Feature request | 7.x-1.11 | Code | 6 | 1 year 4 months | souvik pal | 5 years 8 months |
| Seckit doesn´t work for Images, CSS, JS | Closed (works as designed) | Normal | Bug report | 2.0.3 | Code | 5 | 1 year 4 months | 1 year 4 months | |
| Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files. | Needs work | Normal | Bug report | 2.x-dev | Code | 9 | 1 year 6 months | 2 years 1 month | |
| /report-csp-violation throwing an error | Closed (works as designed) | Normal | Support request | 2.0.3 | Miscellaneous | 2 | 1 year 6 months | 1 year 6 months | |
| "Directive style-src-elem violated." | Needs review | Normal | Feature request | 7.x-1.x-dev | Code | 23 | 1 year 6 months | 5 years 9 months | |
| Allow certain paths to be excluded from the Origin check (patch included) | Needs review | Normal | Feature request | 2.0.0 | Code | 4 | 1 year 6 months | 5 years 3 months | |
| Add worker-src | Reviewed & tested by the community | Normal | Feature request | 7.x-1.x-dev | Code | 12 | 1 year 6 months | 3 years 10 months | |
| Dispatch an event when there is a CSP violation | Needs review | Normal | Feature request | 2.x-dev | Code | 3 | 1 year 6 months | 1 year 6 months |
Pages
Subscribe with RSS 