• Resolved Ambyomoron

    (@josiah-s-carberry)


    After doing a fresh install of ver. 1.8.0 — that is, installing it on a site that did not previously have SeaSP installed — I opened every page (about 150) of the site. I then checked the list of violations and found a huge number of redundant entries. For example, googletagmanager.com appears 73 times in the default-src directive. Similarly, mysite.com appears 72 times for that directive; twice for font-src; thrice for img-src; and so forth.

    I note, too, that certain violations were simply not logged for the frame-src directive. For example, there are two videos played from vimeo.com which require explicit permission for the domain, but which do not appear in the list of violations.

    It appears that something very unexpected is happening.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author bluetriangle

    (@bluetriangle)

    Hey there, thanks for reaching out! We’ll raise this with our developers and get back to you as soon as we can.

    Plugin Author bluetriangle

    (@bluetriangle)

    Hello, sorry this was not already fixed in the latest update. The team has been looking into it and has identified the issue. They are working on the solution now and we’ll keep you updated. As always thanks for your feedback – it’s much appreciated!

    Plugin Author bluetriangle

    (@bluetriangle)

    Hey! We just deployed v1.8.1 which should have fixed the redundant entries issue.

    Thread Starter Ambyomoron

    (@josiah-s-carberry)

    Much better with ver 1.8.1. Thank you.
    There remains one issue I see. Here is an extract from the Current CSP as displayed:

    Content-Security-Policy: default-src https: 'self' 'self' 'self' mysite.com *.mysite.com ....

    Andrew

    (@andrewbluetriangle)

    Hey there, I’m Andrew from Blue Triangle. Thanks for confirming v1.8.1 looks better! About the duplicate ‘self’ origins, I was not able to reproduce the issue. Do you happen to have the steps to reproduce it?

    Thread Starter Ambyomoron

    (@josiah-s-carberry)

    I don’t know how to reproduce the situation. I can only give you general information.
    1) The plugin version 1.8.0 was freshly installed.
    2) All pages on the website were opened
    3) On the violations tab, the rules were enabled for all the domains
    4) On the basis of previous work done on a staging site, certain policies were created.
    5) Plugin was updated to 1.8.1
    6) Repeated ‘self’ was detected.

    If the issue is simply an incorrect query on a table, I could provide an export of the table if you provide me with an address to which I might send it.

    Andrew

    (@andrewbluetriangle)

    Hello Ambyomoron,

    We just deployed v1.8.3 which should fix the issue with duplicate directive rules. Note that if you had duplicates, you may have to do one of the following:
    1. Uninstall to clear the tables then reinstall the new version.
    or
    2. Manually delete the duplicate rows in your database.

    Please let me know if there are any issues!

  • The topic ‘Redundant directive values redux’ is closed to new replies.
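
A check for the symptom reported in this thread, as an added example that is not the plugin's code and not part of any post: it parses a Content-Security-Policy header value, reports source expressions repeated within a directive, and rebuilds the policy without them. The sample header is constructed from the extract quoted in the thread (its img-src and frame-src parts are made up), and all function names are illustrative.

```python
from collections import Counter

# Constructed sample modelled on the extract quoted in the thread; the
# img-src and frame-src parts are made up for illustration.
SAMPLE = ("default-src https: 'self' 'self' 'self' mysite.com *.mysite.com; "
          "img-src 'self' mysite.com MYSITE.com; frame-src vimeo.com")


def _key(token):
    """Comparison key: nonces, hashes and path-bearing sources stay case-sensitive."""
    if token.startswith(("'nonce-", "'sha")) or "/" in token.split("://", 1)[-1]:
        return token
    return token.lower()


def parse_csp(header_value):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def find_duplicates(header_value):
    """Return {directive: {source: count}} for sources listed more than once."""
    report = {}
    for name, sources in parse_csp(header_value).items():
        counts = Counter(_key(s) for s in sources)
        dupes = {s: n for s, n in counts.items() if n > 1}
        if dupes:
            report[name] = dupes
    return report


def dedupe(header_value):
    """Rebuild the policy keeping the first occurrence of each source, order preserved."""
    out = []
    for name, sources in parse_csp(header_value).items():
        seen, kept = set(), []
        for s in sources:
            if _key(s) not in seen:
                seen.add(_key(s))
                kept.append(s)
        out.append(" ".join([name] + kept))
    return "; ".join(out)


if __name__ == "__main__":
    print(find_duplicates(SAMPLE))
    print(dedupe(SAMPLE))
```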