Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • cesnet_simplesamlphp-1.19.8
  • elixir_simplesamlphp-1.19.8
  • simplesamlphp-1.19.8
  • cesnet_simplesamlphp-1.19.5
  • simplesamlphp-2.0
  • feature/assets
  • feature/rac-source-selector
  • cleanup/remove-base64-attributes
  • simplesamlphp-1.19
  • elixir_simplesamlphp-1.19.5
  • aarc_idp_hinting
  • feature/validate-authstate-before-processing
  • feature/build-two-tarballs
  • dependabot/composer/twig/twig-3.4.3
  • tvdijen-patch-1
  • unchanged-acs-url-no-www-script
  • feature/translation-improvements
  • symfony6
  • move_tests
  • v1.19.9
  • v2.1.3
  • v2.0.10
  • v2.1.2
  • v2.0.9
  • v2.1.1
  • v2.0.8
  • v2.1.0
  • v2.0.7
  • v2.1.0-rc1
  • v2.0.6
  • v2.0.5
  • 2.0.4-alpha.1
  • v2.0.4-alpha.1
  • v2.0.4
  • v2.0.3
  • v2.0.2
  • v2.0.1-alpha.1
  • v2.0.1
  • v1.19.8
40 results
Search by author
  • Any Author
  • Bohumír Maštalíř Bohumír Maštalíř mastalir
  • David Flor David Flor 493294
  • Jakub Kriš Jakub Kriš 182608
  • Jan Pavlíček Jan Pavlíček 469355
  • Jiří Prokop Jiří Prokop 525248
  • Marek Hlávka Marek Hlávka 484956
  • Martin Kuba Martin Kuba 3988
  • Matej Jošťák Matej Jošťák mixxo
  • Mgr. Radim Křivánek Mgr. Radim Křivánek radimkrivanek
  • Michal Berky Michal Berky 514063
  • Pavel Vyskočil Pavel Vyskočil 445753
  • Pavel Zlámal Pavel Zlámal 256627
  • Perun-GitLab Service Account Perun-GitLab Service Account 9045464
  • Peter Bolha Peter Bolha 485456
  • Peter Lényi Peter Lényi 256333
  • Přemysl Kala Přemysl Kala 47343
  • Rastislav Kruták Rastislav Kruták 492918
  • Šárka Palkovičová Šárka Palkovičová 492687
18 authors
  1. Nov 20, 2018
  3. Oct 17, 2018
  5. Aug 22, 2018
  7. Aug 13, 2018
  9. Oct 19, 2017
  11. Aug 14, 2017
    • Jan de Mooij's avatar
      Make POST template compatible with CSP (#635) · 9c49e503
      Jan de Mooij authored 
      See issue #593 for a problem description.
SimpleSamlPHP makes use of unsafe inline Javascript and CSS elements.
Although most generated HTML uses SimpleSamlPHP's own headers, the
keepPost option in an authentication request uses the headers of
the PHP application it is sent from. This forces web applications
using SimpleSamlPHP to allow 'unsafe-inline' in their Content
Security Policy.

This commit fixes this issue for the keepPost page ''only'', to
allow PHP applications using SimpleSamlPHP to use a more strict
Content Security Policy. This does not take away from possible
XSS vulnerabilities in other parts of SimpleSamlPHP.
      9c49e503
  13. Nov 06, 2015
  15. Jan 27, 2012
  17. Jan 11, 2011
  19. Jul 03, 2009
  21. Jan 26, 2009
  23. Mar 26, 2008
  25. Dec 14, 2007
  27. Oct 20, 2007
  29. Sep 14, 2007