Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add hash-based Content-Security-Policy for SAML post pages #11631

Closed
ugrave opened this issue Jul 27, 2022 · 0 comments
Closed

Add hash-based Content-Security-Policy for SAML post pages #11631

ugrave opened this issue Jul 27, 2022 · 0 comments
Assignees
@ugrave @jzheaux
Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Milestone
5.8.0-M2

Comments

@ugrave
Copy link
Contributor

ugrave commented Jul 27, 2022

Inline scripts of SAML pages for post binding does not work if CSP is active.

Therefore the page should include a hash of the inline script in the meta section.

This ticket is base of the comment of #9529 (comment)
@ugrave ugrave added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Jul 27, 2022
@ugrave ugrave mentioned this issue Jul 27, 2022
Open
ugrave added a commit to ugrave/spring-security that referenced this issue Jul 27, 2022
@ugrave
Add hash-based Content-Security-Policy for SAML pages
c424d1c 
Closes spring-projectsgh-11631
@ugrave ugrave mentioned this issue Jul 27, 2022
Merged
@jzheaux jzheaux added type: enhancement A general enhancement in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Jul 27, 2022
@jzheaux jzheaux added this to the 5.8.0-M2 milestone Jul 27, 2022
@jzheaux jzheaux self-assigned this Jul 27, 2022
jzheaux pushed a commit that referenced this issue Jul 27, 2022
@ugrave @jzheaux
Add hash-based Content-Security-Policy for SAML pages
409998a 
Closes gh-11631
@marcusdacoregio marcusdacoregio mentioned this issue Aug 10, 2022
Closed
@marcusdacoregio marcusdacoregio mentioned this issue Sep 1, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ugrave ugrave

@jzheaux jzheaux

Labels
in: saml2 An issue in SAML2 modules type: enhancement A general enhancement
Projects
None yet
Milestone
5.8.0-M2
Development

No branches or pull requests
2 participants
@ugrave @jzheaux