[Phpmyadmin-devel] Content-Security-Policy headers
piotr.prz at gmail.com
Sun Sep 25 17:37:56 CEST 2011
2011/9/25 Marc Delisle <marc at infomarc.info>:
> Le 2011-09-25 06:18, Marc Delisle a écrit :
>> Le 2011-09-24 14:30, Rouslan Placella a écrit :
>>> On Sat, 2011-09-24 at 10:54 -0400, Marc Delisle wrote:
>>>> In the 3.4 family (QA_3_4) running on my test server, when testing the
>>>> Designer and clicking on "Show/hide left menu", nothing happens except
>>>> that my Firefox 6 console complains about a Content Security Policy
>>>> On the same server, trying version 3.5 (master) works fine. Both version
>>>> have in libraries/header_http.inc.php the line that emits a
>>>> X-Content-Security-Policy header.
>>>> In 3.4, if I remove this line, all works fine.
>>> Yes, I can reproduce this, exactly as you have described it.
>>> [PHP 5.3.5, Firefox 6.0.2, Ubuntu 11.04]
>> Thanks. I just noticed that it has been reported in the bug tracker:
>> A remark in the artifact made me test this bug under IE 8 and there is
>> no problem; it probably does not care about this header.
> any idea about this issue?
> (see commit 612598fe7fbc6c6cf6305a798e9b48b435ea7a91)
Looks like it's caused by CSP specs change:
Instead of changing our security policy I removed all remaining
More information about the Developers