UploadWizard should add Flickr API to Content Security Policy when required
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	alistair3149
	Mar 25 2021, 6:49 PM

Description

UploadWizard has a feature that allows user to import images from Flickr.
With the feature enabled, UploadWizard will connect to https://api.flickr.com and violate CSP if https://api.flickr.com is not specifically defined under $wgCSPHeader.

Instead, UploadWizard should add the Flickr API to CSP if the feature is being used.

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T249486 Change Content Security Policy on betacommons to allow api.flickr.com
		Open		None	T278472 UploadWizard should add Flickr API to Content Security Policy when required

Event Timeline

alistair3149 created this task.Mar 25 2021, 6:49 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 25 2021, 6:49 PM

Aklapper added a project: ContentSecurityPolicy.May 19 2021, 9:49 AM

alistair3149 added a parent task: T249486: Change Content Security Policy on betacommons to allow api.flickr.com.May 19 2021, 2:10 PM

alistair3149 mentioned this in T327588: Consider adding more CSP directives to MediaWIki core .Mar 2 2024, 7:25 PM

UploadWizard should add Flickr API to Content Security Policy when requiredOpen, Needs TriagePublicActions

Description

Related ObjectsSearch...

Event Timeline

UploadWizard should add Flickr API to Content Security Policy when required
Open, Needs TriagePublic
Actions

Related Objects
Search...