Documentation Required Language Change PR-4.0-dev ? ?

Pending

User tests: Successful: Unsuccessful:

avatar zero-24
zero-24
4 May 2021

Summary of Changes

After discussions within Production it has been decided today (official note will be included in the upcomming meeting minutes) to drop com_csp from Joomla 4.0 and move the "manuall" CSP settings back to the Plugin. While it could be re-implemented in a future version.
This PR now does that by removing the backend and frontend code of com_csp as well as install and update sql logic stuff.

With that removal the collection and autogeneration of CSP rules will be gone from Joomla 4.0 but the Plugin will still allow to setup the CSP rules.

Testing Instructions

Test Case #1

Test Case #2

Actual result BEFORE applying this Pull Request

com_csp is there

Expected result AFTER applying this Pull Request

com_csp is gone

Documentation Changes Required

  • The docs pages for the component and the options page needs to be removed
  • The existing doc page needs to be adjusted and updated with the changes done here.

B/C implications

With the removal of com_csp the auto generated csp rules are gone and they will not be migrated, please extract them before you install the update that drops this feature and set it as Forced HTTP Header or via the new setting implmented here.

Personal note

I would like to thank all the people that helped to get to this feature to this place specificly @yvesh and @SniperSister who worked together with me to bring that idea to live. As well as all the other people who put work and effort into extending and improving the current implementation until now. I personally still think this is an important feature to the CMS but I will follow the decision taken by Production.

avatar zero-24 zero-24 - open - 4 May 2021
avatar zero-24 zero-24 - change - 4 May 2021
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 4 May 2021
Category Repository Administration com_admin SQL Postgresql com_csp com_menus Language & Strings
avatar zero-24 zero-24 - change - 4 May 2021
Title
[4.0] Remove com_csp and move the CSP configuration to the httpHeaders plugin
[4.0] Remove com_csp and move the CSP configuration to the HttpHeaders plugin
avatar zero-24 zero-24 - edited - 4 May 2021
avatar zero-24 zero-24 - change - 4 May 2021
Labels Added: Documentation Required Language Change PR-4.0-dev ?
avatar zero-24 zero-24 - change - 4 May 2021
The description was changed
avatar zero-24 zero-24 - edited - 4 May 2021
avatar zero-24 zero-24 - change - 4 May 2021
The description was changed
avatar zero-24 zero-24 - edited - 4 May 2021
avatar brianteeman
brianteeman - comment - 4 May 2021

When this is removed the helpTOC script will need to be rerun

avatar zero-24 zero-24 - change - 4 May 2021
Labels Added: ?
Removed: ?
avatar richard67
richard67 - comment - 4 May 2021

The removal of the files vis the script.php should be part of the build script and is not added here in for that reason.

If so, it has to be done also before the next J4 release (Beta or RC, whatever it will be ;-) ).

In order not to miss that I'd prefer it to be done with this PR, since the files and folder removal in script.php has just recently been updated after the upmerge so it is ready for release, except of changes due to this PR here. Or @wilsonge gives me enough time to do it after the merge of this PR and before the release, so I can do it using the script.

avatar brianteeman
brianteeman - comment - 5 May 2021

100% agree with @richard67

avatar brianteeman
brianteeman - comment - 5 May 2021

Please remove

MOD_MENU_MANAGE_CSP="Content Security Policy"

avatar sandewt
sandewt - comment - 5 May 2021
avatar richard67
richard67 - comment - 5 May 2021

@sandewt The links might be outdated due to new commits to this PR. You can find the right links when going down to the bottom, using the "Show all checks" to expand the CI checks, then follow the "Details" link at the right side of the "Downloads" step. There you can find the link to the full installation package for the 1st test and the link to a custom update URL which you can use for the 2nd test.

avatar richard67
richard67 - comment - 5 May 2021

@sandewt Please wait a bit with testing, the PR will receive an update soon, and then new packages will be built again.

@sanderpotjer Sorry, ignore the notification, I mentioned you by accident.

avatar sandewt
sandewt - comment - 5 May 2021

@sandewt The links might be outdated due to new co...

Thanks @richard67, I found the package(s).

Following question, how to install 4.0.0beta7 ?

avatar zero-24 zero-24 - change - 5 May 2021
Labels Added: ?
Removed: ?
avatar zero-24
zero-24 - comment - 5 May 2021

Following question, how to install 4.0.0beta7 ?

https://github.com/joomla/joomla-cms/releases/tag/4.0.0-beta7

avatar zero-24 zero-24 - change - 5 May 2021
The description was changed
avatar zero-24 zero-24 - edited - 5 May 2021
avatar richard67
richard67 - comment - 5 May 2021

@sandewt The PR meanwhile is ready again for testing. You have to get the new packages because there have been changes.

avatar sandewt sandewt - test_item - 5 May 2021 - Tested successfully
avatar sandewt
sandewt - comment - 5 May 2021

I have tested this item successfully on f5cf7fe

Test Case #1 is OK
Test Case #2 is OK

Didn't look / did nothing with the B/C implications !?


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/33550.
avatar ReLater
ReLater - comment - 5 May 2021

Bad news. Thank you for your efforts concerning com_csp @zero-24 et al.

avatar zero-24 zero-24 - change - 5 May 2021
Labels Added: ?
Removed: ?
avatar zero-24
zero-24 - comment - 5 May 2021

Please remove

MOD_MENU_MANAGE_CSP="Content Security Policy"

Sorry i have missed that comment yesterday. Its done now: ea24029

avatar richard67 richard67 - alter_testresult - 6 May 2021 - sandewt: Tested successfully
avatar richard67
richard67 - comment - 6 May 2021

I've restored @sandewt 's test result in the issue tracker so it's properly counted, since the commit which has invalidated the test result was just a removal of an unused language string.

avatar richard67 richard67 - change - 6 May 2021
Labels Added: ?
Removed: ?
avatar richard67 richard67 - alter_testresult - 6 May 2021 - sandewt: Tested successfully
avatar sandewt
sandewt - comment - 6 May 2021

Didn't look / did nothing with the B/C implications !?

@zero-24 Is this allowed for the test?

avatar zero-24
zero-24 - comment - 6 May 2021

Didn't look / did nothing with the B/C implications !?

@zero-24 Is this allowed for the test?

Yes it is just for the information. Given that there is no stable version of that feature shipped i dont see an issue here.

avatar Quy Quy - test_item - 6 May 2021 - Tested successfully
avatar Quy
Quy - comment - 6 May 2021

I have tested this item successfully on d4866ed


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/33550.

avatar Quy Quy - change - 6 May 2021
Status Pending Ready to Commit
avatar Quy
Quy - comment - 6 May 2021

RTC


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/33550.

avatar rdeutz rdeutz - change - 7 May 2021
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2021-05-07 07:05:34
Closed_By rdeutz
Labels Added: ? ?
Removed: ?
avatar rdeutz rdeutz - close - 7 May 2021
avatar rdeutz rdeutz - merge - 7 May 2021
avatar zero-24
zero-24 - comment - 7 May 2021

Thanks for testing and merging here. 👍

avatar richard67
richard67 - comment - 13 May 2021

Silly me: When reviewing especially the SQL parts of this PR, I have not noticed that the "#__csp" table hasn't been removed from the "supports.sql" files so it is still created on new installations. Am just preparing the PR to fix that.

avatar richard67
richard67 - comment - 13 May 2021

See #33835 .

Add a Comment

Login with GitHub to post a comment