Page MenuHomePhabricator
Create Task
Maniphest T239069

Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings
Closed, ResolvedPublic
Actions

Description

Would be a good hardening step for people using MW with apache who have .htaccess enabled, once we have enabled our CSP and verified that it works well.

Details

Other Assignee
TheDJ
Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Set a CSP header to sandbox uploaded filesmediawiki/coremaster+89 -0
Fix @since for CSPUploadEntryPointmediawiki/coremaster+2 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Bawolff created this task.Nov 25 2019, 9:48 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 25 2019, 9:48 AM
gerritbot added a comment.Nov 25 2019, 9:49 AM

Change 547930 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] [DNM] Set a CSP header to sandbox uploaded files

https://gerrit.wikimedia.org/r/547930

gerritbot added a project: Patch-For-Review.Nov 25 2019, 9:49 AM
Bawolff moved this task from Backlog to Wikimedia policy on the ContentSecurityPolicy board.Nov 25 2019, 9:52 AM
Bawolff triaged this task as Low priority.Nov 25 2019, 11:40 AM
Pppery edited projects, added: Patch-Needs-Improvement; removed: Patch-For-Review.Mar 27 2023, 2:08 AM
bd808 added a parent task: T28508: Content Security Policy (CSP).Jun 7 2023, 7:39 PM
TehKittyCat subscribed.Mar 4 2024, 2:21 AM
TheDJ added a parent task: T134482: Beta feature for opt-in client side SVG rendering.Mar 22 2024, 12:34 PM
gerritbot added a comment.Aug 5 2025, 4:45 PM

Change #547930 merged by jenkins-bot:

[mediawiki/core@master] Set a CSP header to sandbox uploaded files

https://gerrit.wikimedia.org/r/547930

ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.14; 2025-08-12).Aug 5 2025, 5:00 PM
Jdforrester-WMF closed this task as Resolved.Aug 7 2025, 6:56 AM
Jdforrester-WMF assigned this task to Bawolff.
A_smart_kitten added a project: MediaWiki-General.Aug 10 2025, 7:55 AM
A_smart_kitten removed a project: Patch-Needs-Improvement.Aug 10 2025, 8:15 AM
TheDJ reopened this task as Open.Aug 11 2025, 8:14 AM
TheDJ subscribed.

It seems it forgot to add the right version numbers to the php comments. Will fix later today.

gerritbot added a comment.Aug 11 2025, 6:24 PM

Change #1177458 had a related patch set uploaded (by TheDJ; author: TheDJ):

[mediawiki/core@master] Fix @since for CSPUploadEntryPoint

https://gerrit.wikimedia.org/r/1177458

gerritbot added a project: Patch-For-Review.Aug 11 2025, 6:24 PM
gerritbot added a comment.Aug 11 2025, 7:20 PM

Change #1177458 merged by jenkins-bot:

[mediawiki/core@master] Fix @since for CSPUploadEntryPoint

https://gerrit.wikimedia.org/r/1177458

A_smart_kitten closed this task as Resolved.Aug 13 2025, 2:26 PM
A_smart_kitten subscribed.

Optimistically re-resolving now that the follow-up patch has been merged :)

A_smart_kitten removed a project: Patch-For-Review.Aug 13 2025, 2:26 PM
A_smart_kitten updated Other Assignee, added: TheDJ.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits