https switch always on

  • Resolved masterdanzh

    (@masterdanzh)


    3 years, 12 months ago

    For some header-fields the “https:” switch is always on and cannot be disabled.
    As ex. in frame-ancestors, child-src, connect-src, manifest-src, prefetch-src, script-src-elem, …

    I’m also missing the possibility to set “upgrade-insecure-requests”, “report-uri” and “object-src”

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author bluetriangle

    (@bluetriangle)

    Hello, thanks so much for the feedback! We’ll dig into this now and keep you updated.

    Ambyomoron

    (@josiah-s-carberry)

    I was about to report the same thing. Steps to reproduce:
    1) Go to Directive settings tab
    2) Select any directive for which none of the options are activated.
    3) Click on any option in the scheme source or the other columns. https option in host-source is activated.
    4) Click on that same option in the scheme source or other columns. The clicked option is unset. Note that no option other than https is set.
    5) Click on the https option. Expected result is the option is unset. Actual result is there is no change. The option remains set.

    Andrew

    (@andrewbluetriangle)

    Hello all,

    We just deployed v1.8.3 that should fix this issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘https switch always on’ is closed to new replies.