Skip to content

Commit

Permalink
[TASK] Unify YAML in Content Security Policy examples (TYPO3-Document…
Browse files Browse the repository at this point in the history 
…ation#4797)

The strings in the examples are sometimes with or without double quotes, sometimes with a single quote.
This is now streamlined, and double quotes always used.

Please also note, that "static" sources in CSP are always enclosed in single quotes, like `'self'`, resulting in `"'self'"` in YAML.

Releases: main, 12.4
  • Loading branch information
@brotkrueml
brotkrueml authored Oct 1, 2024
1 parent 4896691 commit 89f12f2
Show file tree
Hide file tree
Showing 6 changed files with 24 additions and 24 deletions.
22 changes: 11 additions & 11 deletions Documentation/ApiOverview/ContentSecurityPolicy/_csp.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,31 +2,31 @@
inheritDefault: true
mutations:
# Results in `default-src 'self'`
- mode: set
directive: 'default-src'
- mode: "set"
directive: "default-src"
sources:
- "'self'"

# Extends the ancestor directive ('default-src'),
# thus reuses 'self' and adds additional sources
# Results in `img-src 'self' data: https://*.typo3.org`
- mode: extend
directive: 'img-src'
- mode: "extend"
directive: "img-src"
sources:
- 'data:'
- 'https://*.typo3.org'
- "data:"
- "https://*.typo3.org"

# Extends the ancestor directive ('default-src'),
# thus reuses 'self' and adds additional sources
# Results in `script-src 'self' 'nonce-[random]'`
# ('nonce-proxy' is substituted when compiling the policy)
- mode: extend
directive: 'script-src'
- mode: "extend"
directive: "script-src"
sources:
- "'nonce-proxy'"

# Results in `worker-src blob:`
- mode: set
directive: 'worker-src'
- mode: "set"
directive: "worker-src"
sources:
- 'blob:'
- "blob:"
10 changes: 5 additions & 5 deletions Documentation/ApiOverview/ContentSecurityPolicy/_csp_mode_append.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
mutations:
- mode: set
- mode: "set"
directive: "default-src"
sources:
- "'self'"

- mode: set
- mode: "set"
directive: "img-src"
sources:
- example.org
- "example.org"

- mode: append
- mode: "append"
directive: "img-src"
sources:
- example.com
- "example.com"
4 changes: 2 additions & 2 deletions Documentation/ApiOverview/ContentSecurityPolicy/_csp_mode_extend.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
mutations:
- mode: set
- mode: "set"
directive: "default-src"
sources:
- "'self'"

- mode: extend
- mode: "extend"
directive: "img-src"
sources:
- "example.com"
4 changes: 2 additions & 2 deletions Documentation/ApiOverview/ContentSecurityPolicy/_csp_mode_reduce.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
mutations:
- mode: set
- mode: "set"
directive: "img-src"
sources:
- "'self'"
- "data:"
- "example.com"

- mode: reduce
- mode: "reduce"
directive: "img-src"
sources:
- "data:"
6 changes: 3 additions & 3 deletions Documentation/ApiOverview/ContentSecurityPolicy/_csp_mode_remove.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
mutations:
- mode: set
- mode: "set"
directive: "default-src"
sources:
- "'self'"

- mode: set
- mode: "set"
directive: "img-src"
sources:
- "data:"

- mode: remove
- mode: "remove"
directive: "img-src"
2 changes: 1 addition & 1 deletion Documentation/ApiOverview/ContentSecurityPolicy/_csp_mode_set.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
mutations:
- mode: set
- mode: "set"
directive: "img-src"
sources:
- "'self'"

0 comments on commit 89f12f2

Please sign in to comment.