Should be fairly easy to do, as its isolated from rest of MW
Only noteworthy thing is the CC license picker.
Doing this also helps with T238367.
Should be fairly easy to do, as its isolated from rest of MW
Only noteworthy thing is the CC license picker.
Doing this also helps with T238367.
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Add a CSP policy to the installer | mediawiki/core | master | +49 -14 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T28508 Content Security Policy (CSP) | |||
Open | None | T248808 Add CSP policy to installer |
The policy I'm thinking of: default-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src 'self' 'nonce-VnNsWAXz4PjrGZ0kPP5hGvDa'; img-src 'self' data: i.creativecommons.org licensebuttons.net; frame-src creativecommons.org 'self'; base-uri 'none'
Change 584268 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Add a CSP policy to the installer