Pending

zero-24
21 Apr 2019

Summary of Changes

  • Adds the new option Write headers to the configuration file (source zero-24/plg_system_httpheader#6)
  • restructure the plugin
  • cleanup xml, doc blocks and php code

Testing Instructions

Test Write headers to the configuration file

  • Install Joomla 4.0
  • apply this patch
  • go to the plugin config
  • enable the new option Write headers to the configuration file
  • save the plugin
  • check the content of the .htaccess | web.config file
  • change the static header configurations
  • save the plugin
  • check the .htaccess | web.config file

Test the CSP Component Integration

  • go to com_csp
  • enable the detect option
  • visit the backend and frontend
  • notice the collected reports
  • publish some of the reports
  • enable the auto mode from the options (keep it report only for now :D)
  • check the now generated csp header
  • enable the custom mode
  • configure a custom rule (adding script-src 'nonce-{nonce}' as minimum)
  • check that {nonce} has been replaced by the actual nonce

Expected result

The static headers are written to the respective server config file

Actual result

This option does not exist

Documentation Changes Required

  • Update Screenshots (Plugin and Component options)
  • Add new option description

https://docs.joomla.org/J4.x:Http_Header_Management
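
A check for the last two steps of the CSP test above, added here as an example and not part of the PR or of Joomla's code: it parses a response's CSP header and flags a literal {nonce} that was not replaced. It goes one step beyond the instructions by comparing the header nonce with any nonce attributes on script tags; that such attributes are present is an assumption, and the sample headers and body are constructed.

```python
import re

# Constructed sample response, not captured from a real Joomla site.
SAMPLE_HEADERS = {
    "Content-Security-Policy-Report-Only":
        "default-src 'self'; script-src 'self' 'nonce-c2FtcGxlLW5vbmNlLTAwMQ=='",
}
SAMPLE_BODY = '<script nonce="c2FtcGxlLW5vbmNlLTAwMQ==">init();</script>'

CSP_NAMES = ("content-security-policy", "content-security-policy-report-only")


def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; keep the first.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def check_nonce(headers, body):
    """Return a list of problems; an empty list means the check passed."""
    problems = []
    found = {k.lower(): v for k, v in headers.items() if k.lower() in CSP_NAMES}
    if not found:
        return ["no CSP header sent"]
    for name, value in found.items():
        if "{nonce}" in value:
            problems.append(f"{name}: literal {{nonce}} placeholder was not replaced")
            continue
        sources = parse_csp(value).get("script-src", [])
        # Strip the leading 'nonce- and the trailing quote from each nonce source.
        nonces = {s[7:-1] for s in sources if s.startswith("'nonce-") and s.endswith("'")}
        if not nonces:
            problems.append(f"{name}: script-src carries no nonce source")
            continue
        # Assumption: inline script tags carry a nonce="..." attribute.
        for tag_nonce in re.findall(r'<script\b[^>]*\bnonce="([^"]*)"', body, re.I):
            if tag_nonce not in nonces:
                problems.append(f"{name}: script tag nonce {tag_nonce!r} not in header")
    return problems
```

Run it against two separate page loads as well: the nonce value should differ between responses.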

9f77aed 21 Apr 2019 zero-24 xml
59bc78f 21 Apr 2019 zero-24 nonce
zero-24 - open - 21 Apr 2019
zero-24 - change - 21 Apr 2019
Status: New ⇒ Pending
joomla-cms-bot - change - 21 Apr 2019
Category Administration com_csp Language & Strings Front End Plugins
d88c993 21 Apr 2019 zero-24 phpcs
1dbb17b 21 Apr 2019 zero-24 phpcs
zero-24 - comment - 16 Jun 2019

@wilsonge I would like to add yet another feature that sets the frame-ancestors directive when enabled. Can you give me a status on how you want to handle this PR?

zero-24 - comment - 16 Jun 2019

And I have been asked by @SniperSister to work on an approach for hash-based whitelisting too, which would massively conflict with this PR here too.

zero-24 - comment - 3 Jul 2019

Any update @wilsonge ?

wilsonge - close - 25 Jul 2019
wilsonge - merge - 25 Jul 2019
wilsonge - change - 25 Jul 2019
Status: Pending ⇒ Fixed in Code Base
Closed_Date: 0000-00-00 00:00:00 ⇒ 2019-07-25 06:39:48
Closed_By: wilsonge
wilsonge - comment - 25 Jul 2019

Thanks!

zero-24 - comment - 27 Jul 2019

Great, thanks

brianteeman - comment - 27 Jul 2019

This should not have been merged #25713 (comment)

zero-24 - comment - 5 Aug 2019

Removing the documentation required label as this feature is about to be removed here: #25754
