Open brotkrueml opened 7 months ago
I am seeing violations of content security policies (activated in v12.4 via the feature flag for backend):
Blocked inline script attribute from 'inline:'
Because of this in Cornerstone.html:
Cornerstone.html
<input id="{data.elementBaseName}" type="checkbox" data-formengine-input-name="data{data.elementBaseName}" value="1" {f:if(condition: data.databaseRow.tx_yoastseo_cornerstone, then: 'checked="checked"')} onclick="document.editform['data{data.elementBaseName}'].value=this.checked?(document.editform['data{data.elementBaseName}'].value|1):(document.editform['data{data.elementBaseName}'].value&0);TBE_EDITOR.fieldChanged('{data.tableName}','{data.vanillaUid}','{data.fieldName}','data{data.elementBaseName}');">
No CSP violation with the default rules provided by TYPO3.
Don't know, just saw the error on my Sentry instance.
But obviously, move the logic of the inline handler into a dedicated script file.
Please give us a description of what happened.
I am seeing violations of content security policies (activated in v12.4 via the feature flag for backend):
Because of this in
Cornerstone.html
:Please describe what you expected to happen and why.
No CSP violation with the default rules provided by TYPO3.
How can we reproduce this behavior?
Don't know, just saw the error on my Sentry instance.
But obviously, move the logic of the inline handler into a dedicated script file.
Technical info