diff --git a/composer.json b/composer.json
index 870f3689..403e278c 100644
--- a/composer.json
+++ b/composer.json
@@ -176,6 +176,7 @@
 "drupal/rdf": "^2.0",
 "drupal/redirect": "^1.6",
 "drupal/search_api": "^1.28",
+ "drupal/seckit": "^2.0",
 "drupal/semanticviews": "^3.0",
 "drupal/social_auth": "^3.0",
 "drupal/social_auth_hid": "^3.2",
diff --git a/composer.lock b/composer.lock
index 28673d88..7d45a054 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "d651c0d64fd84b53ffd4a1121b06a573",
+ "content-hash": "6ec94113a752877640f50be5e476127a",
 "packages": [
 {
 "name": "arthurkirkosa/guzzle-description-loader",
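Review bot: The composer.json hunk only adds `drupal/seckit`; nothing in this diff removes `drupal/csp` from `require`, even though the `csp` module is uninstalled and its config deleted elsewhere in the change, so the now-unused module code presumably stays deployed and still has to be tracked for Drupal security advisories. If `drupal/csp` is in fact a composer dependency, drop it in the same change (or a follow-up) so the codebase matches the enabled-module set. The lock entry pins seckit 2.0.1 with a dist shasum and records it as covered by Drupal's security advisory policy, which is the right check to have made for a hardening module.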
@@ -6306,6 +6306,67 @@
 "irc": "irc://irc.freenode.org/drupal-search-api"
 }
 },
+ {
+ "name": "drupal/seckit",
+ "version": "2.0.1",
+ "source": {
+ "type": "git",
+ "url": "https://git.drupalcode.org/project/seckit.git",
+ "reference": "2.0.1"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://ftp.drupal.org/files/projects/seckit-2.0.1.zip",
+ "reference": "2.0.1",
+ "shasum": "2eee3b9719bdd5951c2b78f419c86f4765010439"
+ },
+ "require": {
+ "drupal/core": "^9.3 || ^10"
+ },
+ "type": "drupal-module",
+ "extra": {
+ "drupal": {
+ "version": "2.0.1",
+ "datestamp": "1671195208",
+ "security-coverage": {
+ "status": "covered",
+ "message": "Covered by Drupal's security advisory policy"
+ }
+ }
+ },
+ "notification-url": "https://packages.drupal.org/8/downloads",
+ "license": [
+ "GPL-2.0+"
+ ],
+ "authors": [
+ {
+ "name": "badjava",
+ "homepage": "https://www.drupal.org/user/83372"
+ },
+ {
+ "name": "jweowu",
+ "homepage": "https://www.drupal.org/user/152788"
+ },
+ {
+ "name": "mcdruid",
+ "homepage": "https://www.drupal.org/user/255969"
+ },
+ {
+ "name": "p0deje",
+ "homepage": "https://www.drupal.org/user/529960"
+ }
+ ],
+ "description": "SecKit provides Drupal with various security-hardening options.",
+ "homepage": "https://www.drupal.org/project/seckit",
+ "keywords": [
+ "Drupal",
+ "security"
+ ],
+ "support": {
+ "source": "http://cgit.drupalcode.org/seckit",
+ "issues": "http://drupal.org/project/issues/seckit"
+ }
+ },
 {
 "name": "drupal/semanticviews",
 "version": "3.0.0",
diff --git a/config/core.extension.yml b/config/core.extension.yml
index eac77e26..db55780e 100644
--- a/config/core.extension.yml
+++ b/config/core.extension.yml
@@ -28,7 +28,6 @@ module:
 content_moderation: 0
 contextual: 0
 core_event_dispatcher: 0
- csp: 0
 ctools: 0
 datetime: 0
 ds_switch_view_mode: 0
@@ -100,6 +99,7 @@ module:
 search: 0
 search_api: 0
 search_api_db: 0
+ seckit: 0
 semanticviews: 0
 serialization: 0
 shortcut: 0
diff --git a/config/csp.settings.yml b/config/csp.settings.yml
deleted file mode 100644
index a8fa0281..00000000
--- a/config/csp.settings.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-_core:
- default_config_hash: yOPH6uEZYRHbg2OFP-bze0jGr06fI-Gr_66W-vA8Faw
-report-only:
- enable: true
- directives:
- connect-src:
- base: self
- sources:
- - fonts.gstatic.com
- - www.google-analytics.com
- - gov-bam.nr-data.net
- - analytics.google.com
- - '*.unocha.org'
- - '*.github.io'
- font-src:
- base: self
- sources:
- - fonts.gstatic.com
- img-src:
- base: self
- sources:
- - github.com
- - '*.google-analytics.com'
- object-src:
- base: none
- script-src:
- base: self
- flags:
- - unsafe-inline
- sources:
- - fonts.googleapis.com
- - www.gstatic.com
- - www.google.com
- - www.googletagmanager.com
- - js-agent.newrelic.com
- - '*.google-analytics.com'
- - www.google-analytics.com
- - '*.github.io'
- script-src-attr:
- base: self
- script-src-elem:
- base: self
- flags:
- - unsafe-inline
- sources:
- - fonts.googleapis.com
- - www.gstatic.com
- - www.google.com
- - www.googletagmanager.com
- - js-agent.newrelic.com
- - '*.google-analytics.com'
- - www.google-analytics.com
- - '*.github.io'
- style-src:
- base: self
- sources:
- - '*.github.io'
- style-src-attr:
- base: self
- flags:
- - unsafe-inline
- style-src-elem:
- base: self
- sources:
- - '*.github.io'
- frame-ancestors:
- base: self
- reporting:
- plugin: sitelog
-enforce:
- enable: true
- directives:
- object-src:
- base: none
- frame-ancestors:
- base: self
- reporting:
- plugin: sitelog
diff --git a/config/monitoring.sensor_config.core_requirements_csp.yml b/config/monitoring.sensor_config.core_requirements_csp.yml
deleted file mode 100644
index 6032f321..00000000
--- a/config/monitoring.sensor_config.core_requirements_csp.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-uuid: 7212b131-751e-4074-8df8-f29efc0fdcfa
-langcode: en
-status: false
-dependencies:
- module:
- - csp
-id: core_requirements_csp
-label: 'Module csp'
-description: 'Requirements of the csp module'
-category: Requirements
-plugin_id: core_requirements
-result_class: null
-value_label: null
-value_type: no_value
-caching_time: 3600
-settings:
- module: csp
- exclude_keys: { }
-thresholds:
- type: none
diff --git a/config/seckit.settings.yml b/config/seckit.settings.yml
new file mode 100644
index 00000000..40ed5208
--- /dev/null
+++ b/config/seckit.settings.yml
@@ -0,0 +1,56 @@
+_core:
+ default_config_hash: x6bhN6WZwfVUI_LLMvRJIUW_2c26VTaBozbfXmJWmro
+seckit_xss:
+ csp:
+ checkbox: true
+ vendor-prefix:
+ x: true
+ webkit: false
+ report-only: false
+ default-src: "'self'"
+ script-src: "'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com *.google-analytics.com *.github.io"
+ object-src: "'none'"
+ style-src: "'self' 'unsafe-inline' fonts.googleapis.com *.github.io"
+ img-src: "'self' data: https://*.google-analytics.com https://*.googletagmanager.com gstatic.com *.github.com"
+ media-src: "'none'"
+ frame-src: "'self'"
+ frame-ancestors: "'self'"
+ child-src: "'self'"
+ font-src: "'self' data: fonts.gstatic.com"
+ connect-src: "'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com *.unocha.org *.github.io"
+ report-uri: /report-csp-violation
+ upgrade-req: false
+ policy-uri: ''
+ x_xss:
+ seckit_x_xss_option_disable: Disabled
+ seckit_x_xss_option_0: '0'
+ seckit_x_xss_option_1: 1;
+ seckit_x_xss_option_1_block: '1; mode=block'
+ select: 0
+seckit_csrf:
+ origin: true
+ origin_whitelist: ''
+seckit_clickjacking:
+ js_css_noscript: false
+ noscript_message: 'Sorry, you need to enable JavaScript to visit this website.'
+ x_frame: '1'
+ x_frame_allow_from: ''
+seckit_ssl:
+ hsts: true
+ hsts_subdomains: true
+ hsts_max_age: 31536000
+ hsts_preload: false
+seckit_ct:
+ expect_ct: false
+ max_age: 86400
+ report_uri: ''
+ enforce: false
+seckit_fp:
+ feature_policy: false
+ feature_policy_policy: ''
+seckit_various:
+ from_origin: false
+ from_origin_destination: same
+ referrer_policy: false
+ referrer_policy_policy: strict-origin-when-cross-origin
+ disable_autocomplete: false
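Review bot: The full policy goes straight to enforcing mode (`report-only: false`), whereas the deleted csp.settings.yml only ever enforced `object-src 'none'` and `frame-ancestors 'self'` and kept the source allow-lists in report-only, so any host the new lists miss will now break the page instead of being logged; consider landing this with `report-only: true` and flipping it once the `/report-csp-violation` log is quiet. Several host sources look narrower than intended: in CSP `gstatic.com` matches only the apex host (script-src lists `www.gstatic.com`) and `*.github.com` matches subdomains but not `github.com` itself, which the old img-src allowed, so `img-src` should probably read `*.gstatic.com` and `github.com *.github.com`. The New Relic hosts the old policy allowed (`js-agent.newrelic.com` in script-src, `gov-bam.nr-data.net` in connect-src) are gone, and `media-src: "'none'"`, `frame-src: "'self'"` and `child-src: "'self'"` are new restrictions, so confirm the browser agent is no longer deployed and that no audio/video or third-party iframes are embedded before enforcing. `'unsafe-inline'` in script-src (carried over from the old config) leaves the policy with little value against XSS; a follow-up to hash or externalise the inline scripts would be worthwhile, and since `referrer_policy_policy` is already set, enabling `referrer_policy: true` is a cheap addition. `hsts_subdomains: true` with a one-year `hsts_max_age` is hard to undo, so verify every subdomain of the site serves HTTPS before this ships.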