From bugzilla-daemon@bugs.koha-community.org Fri Mar 13 10:59:50 2026
From: bugzilla-daemon@bugs.koha-community.org
To: koha-bugs@lists.koha-community.org
Subject: [Koha-bugs] [Bug 38365] Add Content-Security-Policy HTTP header to
HTML responses
Date: Fri, 13 Mar 2026 09:47:35 +0000
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6403105019334562113=="
--===============6403105019334562113==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38365
--- Comment #410 from Jonathan Druart ---
Created attachment 195306
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=195306&action=edit
Bug 38365: Add CSP nonces to all inline script and style tags
Signed-off-by: Lari Taskula
Amended-by: Jonathan Druart
Regenerated the patch on top of bug 41324, using:
perl misc/devel/add_csp_nonces.pl --apply
============================================================
Summary:
Files scanned: 881
Files modified: 456
Tags modified: 800
============================================================
Also note that this manual change:
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt
-