View Issue Details

IDProjectCategoryView StatusLast Update
0022064mantisbtjavascriptpublic2016-12-30 15:54
Reporterbadfiles Assigned Tocommunity  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.0.0 
Target Version2.0.0Fixed in Version2.0.0 
Summary0022064: datetime picker does not work if 'cdn_enabled' is ON
Description

core/http.php is missing script security header

also local files have an unneccessary execute attribute.

TagsNo tags attached.

Activities

dregad

dregad

2016-12-23 07:54

developer   ~0054822

I confirm the problem.

CSP does not include a script-src exception for cdnjs.cloudflare.com.

I did not notice it while testing, because the MantisGraph plugin adds an exception for it [1].

badfiles submitted a PR for this at https://github.com/mantisbt/mantisbt/pull/980

[1] https://github.com/mantisbt/mantisbt/blob/release-2.0.0-rc.2/plugins/MantisGraph/MantisGraph.php#L73

Related Changesets

MantisBT: master c1082530

2016-12-22 13:27:25

badfiles


Committer: dregad Details Diff
Fix datetimepicker's files handling

- add js hashes
- add missing security header
- drop execute permissions
- use specific version w/o cdn

Fixes 0022064

Signed-off-by: Damien Regad <dregad@mantisbt.org>
Affected Issues
0022064
mod - core/constant_inc.php Diff File
mod - core/http_api.php Diff File
mod - core/layout_api.php Diff File