TYPO3-Solr / ext-solr

A TYPO3 extension that integrates the Apache Solr search server with TYPO3 CMS. dkd Internet Service GmbH is developing the extension. Community contributions are welcome. See CONTRIBUTING.md for details.
GNU General Public License v3.0

[BUG] JSONP in autosuggest prevents CSP #2556

Open masi opened 4 years ago

masi commented 4 years ago

Describe the bug

I have to enable policy unsafe-eval when I want the default autosuggest client code. The problem is that JSONP requires the use of eval() on the client side. JSONP has been superseded by CORS for a very long time.
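The contrast the report draws, as an added example that is not ext-solr's code and not from this thread: a JSONP body has to be executed as script, which is what a strict CSP blocks, whereas a JSON body fetched over CORS only needs JSON.parse. The suggest URL and the `{"suggestions": {term: count}}` response shape are placeholder assumptions, not ext-solr's real endpoint format.

```javascript
// Added example, not ext-solr code. SUGGEST_URL and the response shape
// {"suggestions": {"<term>": <count>}} are placeholder assumptions.
const SUGGEST_URL = "https://example.invalid/suggest"; // placeholder

// JSONP delivers data as a script `cb({...})` that the page must execute;
// that execution is what a CSP without 'unsafe-eval' (and a strict
// script-src) blocks. Plain JSON over CORS needs only JSON.parse, which
// never runs code, so the policy can stay strict.

// Stop-gap for a server that still emits JSONP: strip the callback wrapper
// and parse the inner text as data instead of executing it.
function unwrapJsonp(body, callbackName) {
  const text = body.trim();
  const prefix = callbackName + "(";
  const suffix = /\)\s*;?$/;
  if (!text.startsWith(prefix) || !suffix.test(text)) {
    throw new Error("not a JSONP response for " + callbackName);
  }
  // JSON.parse throws on anything that is not pure JSON, e.g. injected code
  return JSON.parse(text.slice(prefix.length).replace(suffix, ""));
}

// Turn the assumed {"suggestions": {term: count}} map into terms by count.
function toSuggestionList(payload) {
  return Object.entries(payload.suggestions || {})
    .sort((a, b) => b[1] - a[1])
    .map(([term]) => term);
}

// The CSP-compatible transport: the same data requested over CORS as JSON.
async function fetchSuggestions(term, fetchImpl = globalThis.fetch) {
  const url = SUGGEST_URL + "?q=" + encodeURIComponent(term);
  const res = await fetchImpl(url, { mode: "cors", headers: { Accept: "application/json" } });
  if (!res.ok) throw new Error("suggest request failed: HTTP " + res.status);
  return toSuggestionList(await res.json());
}

// Check whether a Content-Security-Policy string still grants 'unsafe-eval'
// to scripts (script-src wins; default-src is only the fallback).
function cspAllowsUnsafeEval(policy) {
  const directives = new Map();
  for (const d of policy.split(";")) {
    const [name, ...sources] = d.trim().split(/\s+/).filter(Boolean);
    if (name) directives.set(name, sources);
  }
  const sources = directives.get("script-src") || directives.get("default-src") || [];
  return sources.includes("'unsafe-eval'");
}
```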

Zillion01 commented 1 year ago

This is still a security issue in 11.5, hopefully this can be picked up

emileblume commented 1 year ago

Yes, please pick this up

dkd-kaehm commented 1 year ago

> This is still a security issue in 11.5, hopefully this can be picked up

@masi, @Zillion01, @emileblume Pull requests are welcome, please provide change suggestions.

Zillion01 commented 1 year ago

Thanks for your reaction. This is a project in which I am not specialized; however, I do work for companies who pay DKD for SOLR updates. How do other autosuggest options work without jquery.autocomplete? The thing is, autosuggest is an important feature, but it forces insecure configuration of CSP headers, which makes it in my opinion one of the most urgently needed code changes.

emileblume commented 1 year ago

Same here. We have municipalities as clients that also pay for DKD. I think it's irresponsible that this hasn't been fixed earlier.