Paths

Table of Contentst

Diffusion Phabricator a5efd7eedb3c

Add "object-src 'none'" to the Content-Security-Policy
a5efd7eedb3c
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

Add "object-src 'none'" to the Content-Security-Policy

Summary: See PHI399. Ref T4340. We don't require Flash/Java anywhere and can safely block them unconditionally in the Content-Security-Policy header.

Test Plan: Added a <object ... /> tag to a page, saw "Blocked Plug-In" and a CSP warning in the browser console.

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D19154

Details

Provenance

epriestley	Authored on Feb 28 2018, 10:15 PM
epriestley	Pushed on Mar 1 2018, 1:19 AM

Differential Revision

D19154: Add "object-src 'none'" to the Content-Security-Policy

Parents

rPf114b2dd7d4b: When viewing a live build log, trap users in a small personal hell where…

Branches

Unknown

Tags

Unknown

Tasks

T4340: Implement Content-Security-Policy and Strict-Transport-Security headers

Build Status

Buildable 19700
Build 26681: Run Core Tests

Event Timeline

epriestley committed rPa5efd7eedb3c: Add "object-src 'none'" to the Content-Security-Policy (authored by epriestley).Mar 1 2018, 1:19 AM

epriestley added a task: T4340: Implement Content-Security-Policy and Strict-Transport-Security headers.

Harbormaster completed building B19700: rPa5efd7eedb3c: Add "object-src 'none'" to the Content-Security-Policy.Mar 1 2018, 1:21 AM

Changes (1)

Path

Size

src/

aphront/

response/

AphrontResponse.php

rPa5efd7eedb3c

src/aphront/response/AphrontResponse.php

Loading...