nelmio/NelmioSecurityBundle

Issues

• Nonce not possible to use

  #365 opened 23 days ago by Mecanik
  1

• Can't seem to enable/disable CSP with environment variable

  #362 opened a month ago by pauljura
  0

• Evaluate/update`PolicyManager`

  #358 opened 6 months ago by martijnc
  1

• [3.2.0] The report-uri directive has been deprecated

  #341 opened 3 months ago by directsoftware
  3

• cspscript for encore_entry_script_tags and cspstyle for encore_entry_link_tags

  #314 opened 2 years ago by thomas2411
  4

• When script-src is set to strict-dynamic, 2 nonces are listed in CSP header

  #336 opened 10 months ago by eliseeman
  2

• Unexpecting appearance of unsafe-inline on CSP

  #346 opened 7 months ago by spyridonas
  4

• Service dependency injection for controller action: Getting CSP nonce in controller

  #345 opened 7 months ago by Adambean
  7

• [Feature request] Per-page CSP configuration

  #206 opened 6 years ago by stof
  2

• Incompatibility with twig 3.9

  #343 opened 7 months ago by jderusse
  1

• Add mechanism to modify directives during or after request handling

  #347 opened 7 months ago by martijnc
  0

• Introduce `ExternalRedirectResponse` for more fine-grained redirection control

  #330 opened 9 months ago by martijnc
  0

• Nonce is empty unless dump using twig

  #340 opened 10 months ago by vdeville
  4

• CSP interferes with var-dumper

  #339 opened 10 months ago by pauljura
  1

• Reusing nonce for Turbo Drive integration

  #321 opened 2 years ago by florimondmanca
  1

• Support Permissions-policy header

  #240 opened 4 years ago by nicolas-grekas
  3

• DirectiveSet::canNotBeFallbackedByDefault(): Argument #2 ($value) must be of type string, bool given

  #325 opened a year ago by bartosz-zolynski
  0

• [Feature Contribution] Extending CSP to include Trusted-Types headers

  #233 opened 4 years ago by henrym2
  3

• Update the default hashing algorithm used in signed cookies

  #324 opened 2 years ago by javiereguiluz
  0

• Issue with CSP config

  #317 opened 2 years ago by yellow1912
  2

• Update the description of this GitHub repository

  #323 opened 2 years ago by javiereguiluz
  2

• Remove "Server" header

  #318 opened 2 years ago by sdespont
  1

• Incompatible with Symfony's clearCookie() strategy

  #313 opened 2 years ago by johnpez
  1

• Problem with latest Symfony update and signed_cookie feature

  #312 opened 3 years ago by Flo-JB
  5

• Can't use environment variables to enable/disable features

  #311 opened 3 years ago by janklan
  2

• CSP content_types stopped working

  #199 opened 3 years ago by thomas2411
  2

• [3.0] Roadmap

  #256 opened 3 years ago by franmomu
  1

• [RFC] Remove Cookie Session Handler in 3.0

  #270 opened 3 years ago by franmomu
  1

• Symfony 6 compatibility

  #246 opened 3 years ago by meiyasan
  3

• Ability to override (and disable) `hash`

  #243 opened 3 years ago by drzraf
  3

• Not compatible with Framework-Bundle 5.0

  #231 opened 3 years ago by alcohol
  3

• [Feature Contribution] Path Based configuration

  #234 opened 4 years ago by henrym2
  4

• Is ua-parser/uap-php really optional dependency?

  #214 opened 4 years ago by freezy-sk
  1

• Support for new Cross-origin headers

  #239 opened 4 years ago by stof
  0

• Disable CSP for some URLs

  #232 opened 4 years ago by randomsymbols
  1

• [dependencies] Missing symfony/yaml dependency

  #237 opened 4 years ago by azjezz
  0

• Parse error?

  #230 opened 5 years ago by asaage
  0

• Unexpected ')' in ContentSecurityPolicyController

  #228 opened 5 years ago by andreheeke
  4

• New script src directives

  #200 opened 6 years ago by ooOsH
  1

• Compatibility Twig3

  #216 opened 5 years ago by Nathan-Riviere
  2

• Symfony 4.4 LTS - Erreur CSP

  #215 opened 5 years ago by HeLLsSs
  2

• Twig 3.0 compatibility

  #212 opened 5 years ago by spackmat
  1

• Support for the Feature-Policy header

  #181 opened 6 years ago by stof
  1

• Release 2.5.2

  #186 opened 6 years ago by tgalopin
  1

• How can we manage when user has disabled cookie from browser?

  #195 opened 6 years ago by radhanpuraankit
  1

• Compatibility issue with Twig 2.7.0

  #197 opened 6 years ago by Toflar
  6

• You have requested a non-existent service "nelmio_security.csp_reporter_controller" when csp is disabled

  #196 opened 6 years ago by spackmat
  0

• A tree builder without a root node is deprecated since Symfony 4.2

  #194 opened 6 years ago by pavlakis
  1

• How to set the parameter $reportOnly in the buildHeaders to false in the class ContentSecurityPolicyListener?

  #190 opened 6 years ago by HVSoftware
  1

• Adding Strict-Transport-Security to non-HTTPS connections

  #184 opened 6 years ago by ndench
  3