Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
M
my.typo3.org
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 2
    • Issues 2
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 1
    • Merge Requests 1
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Security & Compliance
    • Security & Compliance
    • Dependency List
    • License Compliance
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • t3o
  • my.typo3.org
  • Issues
  • #414

Closed
Open
Opened Aug 20, 2019 by Tymoteusz Motylewski@tmotylewski0 of 1 task completed0/1 task

wrong content security policy for gravatar

Related to (where it should be fixed but was not): https://git-t3o.typo3.org/t3o/my/issues/134

Summary

Browser console shows error on accessing gravatar.

Refused to load the image 'https://s.gravatar.com/avatar/4776e8f8e4a406211fccbc70b7679417?s=100' because it violates the following Content Security Policy directive: "img-src 'self' data: *.typo3.org www.gravatar.com".

Steps to reproduce

go to https://my.typo3.org/about-mytypo3org login with account which is connected to gravatar open browser console

AC

  • Content Security Policy directive must be defined in configuration, which is versionized
Edited Aug 21, 2019 by Stefan Busemann
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: t3o/my#414