Package: davical
Version: 1.1.12-2.1
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

davical installs the file /etc/apache2/sites-available/davical.conf. The
Content-Security-Policy is defined in apache global scope,
so other programs like roundcube do not work with this CSP!
  <FilesMatch "(admin|help|iSchedule|index|metrics|public|setup|tools|upgrade).php">
    Header set Content-Security-Policy ...
  </FilesMatch>

Fix: The CSP should be defined for davical only - not globally, e.g.
  <Directory /usr/share/davical/htdocs>
    <FilesMatch "(admin|help|iSchedule|index|metrics|public|setup|tools|upgrade).php">
        Header set Content-Security-Policy ...
    </FilesMatch>
  </Directory>

-- System Information:
Debian Release: 13.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 7.0.3 (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC, TAINT_OOT_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages davical depends on:
pn  libawl-php              <none>
pn  libdbd-pg-perl          <none>
pn  libyaml-perl            <none>
ii  perl                    5.40.1-6
pn  php | php5              <none>
pn  php-pgsql | php5-pgsql  <none>
pn  php-xml | php5          <none>
ii  php8.4-cli [php-cli]    8.4.21-1~deb13u1
pn  postgresql-client       <none>

Versions of packages davical recommends:
pn  php-curl | php5-curl  <none>
pn  postgresql            <none>

Versions of packages davical suggests:
pn  php-ldap | php5-ldap  <none>
