From bugzilla-daemon@bugs.koha-community.org Thu Mar 12 11:39:51 2026 From: bugzilla-daemon@bugs.koha-community.org To: koha-bugs@lists.koha-community.org Subject: [Koha-bugs] [Bug 38365] Add Content-Security-Policy HTTP header to HTML responses Date: Thu, 12 Mar 2026 10:39:42 +0000 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2040602588788347223==" --===============2040602588788347223== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38365 --- Comment #361 from Jonathan Druart --- Created attachment 195165 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195165&action=edit Bug 38365: Add CSP nonces to all inline script and style tags Signed-off-by: Lari Taskula Amended-by: Jonathan Druart Regenerated the patch on top of bug 41324, using: perl misc/devel/add_csp_nonces.pl --apply ============================================================ Summary: Files scanned: 881 Files modified: 456 Tags modified: 800 ============================================================ Also note that this manual change: koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt -