https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
--- Comment #10 from Christian Kujau li...@nerdbynature.de ---
Firefox Chrome both have CSP enabled now. A single page load (6k article)
gives multiple errors, here's how Chrome articulates this:
--- times reported, per page
|
v
6
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
--- Comment #9 from Christian Kujau li...@nerdbynature.de 2012-06-21 08:53:34
UTC ---
Another CSP warning, MW 1.19.1, Firefox 13.0:
---
Timestamp: 6/21/12 01:37:49
Warning: CSP: Directive inline script base restriction violated
Source
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
--- Comment #8 from Daniel Friesen mediawiki-b...@nadir-seen-fire.com
2012-03-12 03:43:29 UTC ---
For those interested in CSP I put together a starting CSP branch:
https://github.com/dantman/mediawiki-core/compare/master...csp
It uses a
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
Christian Kujau li...@nerdbynature.de changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
Daniel Friesen mediawiki-b...@nadir-seen-fire.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
--- Comment #6 from Bawolff bawolff...@gmail.com 2011-12-15 18:46:01 UTC ---
Apparently you'd need to use a header like:
X-Content-Security-Policy: allow 'self'; img-src 'self' data:
to allow data urls. But we also have inline js in vector
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
--- Comment #7 from Christian Kujau li...@nerdbynature.de 2011-12-15 23:26:44
UTC ---
FWIW, I took the setting from the (out-of-date)
https://people.mozilla.com/~bsterne/content-security-policy/details.html#examples,
where it was described as
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
Hendrik Brummermann nhb_...@nexgo.de changed:
What|Removed |Added
CC||nhb_...@nexgo.de
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
Mark A. Hershberger m...@everybody.org changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508
Bawolff bawolff...@gmail.com changed:
What|Removed |Added
CC||bawolff...@gmail.com
10 matches
Mail list logo