Remove need for $wgExtensionFunction to configure CSP in MediaWiki
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	Legoktm
	Aug 5 2021, 10:25 AM

Description

Based on https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/477ea0f97c1d763582b76570882e530149dd8356/wmf-config/CommonSettings.php#4149 it looks like we avoid setting CSP headers for logged out users. Instead of checking this in a $wgExtensionFunctions, it should use a proper hook for this purpose or maybe a new core setting, like $wgEnableCSPForLoggedOut = false;

Status	Assigned	Task
Open	None	T271574 Phase out $wgExtensionFunctions
Open	pmiazga	T302623 FY2022-2023: Improve Backend Pageview Timing
Open	None	T180192 Audit wgExtensionFunctions, onRegistration and onSetupAfterCache callbacks in Wikimedia-deployed extensions
Open	None	T28508 Content Security Policy (CSP)
Open	None	T288225 Remove need for $wgExtensionFunction to configure CSP in MediaWiki