Skip to content

Conditionally add upgrade-insecure-requests CSP directive#6665

Merged
labkey-adam merged 4 commits intodevelopfrom
fb_upgrade_secure_requests
May 14, 2025
Merged

Conditionally add upgrade-insecure-requests CSP directive#6665
labkey-adam merged 4 commits intodevelopfrom
fb_upgrade_secure_requests

Conversation

@labkey-adam
Copy link
Contributor

@labkey-adam labkey-adam commented May 13, 2025
edited
Loading

Rationale

Security scanners like to see the upgrade-insecure-requests directive in CSPs, so add it if the server requires HTTPS.

Stop supporting old substitution ${LABKEY.ALLOWED.CONNECTIONS}.

https://www.labkey.org/home/Developer/issues/issues-details.view?issueId=52553

Related Pull Requests

@labkey-adam labkey-adam mentioned this pull request May 13, 2025
Merged
@labkey-adam labkey-adam changed the title Conditionally add upgrade-secure-requests CSP directive Conditionally add upgrade-insecure-requests CSP directive May 14, 2025
@labkey-adam labkey-adam merged commit f88cf73 into develop May 14, 2025
6 checks passed
@labkey-adam labkey-adam deleted the fb_upgrade_secure_requests branch May 14, 2025 20:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@labkey-jeckels labkey-jeckels labkey-jeckels approved these changes

@labkey-matthewb labkey-matthewb labkey-matthewb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@labkey-adam @labkey-jeckels @labkey-matthewb