Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-14630

Remove unsafe-inline from content security policy style-src

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • L3 - Default
    • None
    • None
    • webapp

    Description

      Acceptance Criteria (Required on creation):

      • The style-src part of our default Content Security Policy doesn't use unsafe-inline
      • bpmn-js library is updated to a csp compliant version (https://github.com/bpmn-io/bpmn-js/issues/1625)
      • inline style attributes are completely refactored
      • inline styles are refactored where possible

      Hints (optional):

      • use the ng-csp attribute to turn off angular's usage of inline styles (<body ng-csp="no-inline-style">)
      • ui-boostrap uses inline styles (see ui-bootstrap-tpls-2.5.0-camunda.js@7770, those styles need to be extracted. After this change however the dropdown element will have a small ui bug.

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is related to

            Task - A task that needs to be done. CAM-14139 Make default content security policy more strict

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                Unassigned Unassigned
                daniel.kelemen Daniel Kelemen
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Salesforce