Benjamin Klix

@markusguenther I could maybe find some time in the beginning of next week. I don't know yet, if there is a lot to change for this to work, so I...

@robinroloff only changed this line: https://github.com/neos/neos-development-collection/blob/65cbf7b7e0aeedcaea68eae4332d15b719a694c9/Neos.ContentRepository/Classes/Domain/Model/NodeData.php#L928 I will try if it works with only changing this line. Otherwise we will need someone who can run the Behat tests and check,...

> I will try if it works with only changing this line. Ok, this didn't help. But it's hard to debug because the code is really nested... What Behat does...

Thank you so much for having a deeper look at this. Maybe my assumption is wrong, why the error happens. But we always get an error when we try to...

This is now fixed by #5624, so I'm closing this PR.

This issue came up in a Pentest we had for one of our customers. The CSP can be setup in a good way in the frontend (either using a separate...

The tracker itself (`matomo.js`) does not use any `unsafe-eval` methods – we do not allow `unsafe-eval` in our sites CSP and Matomo still works. Those functions are only used in...

With `third party libs` you mean plugins? If that's the case, we could try to make the Matomo core work with CSP and only remove the `unsafe-eval` and `unsafe-inline` if...

Hi @totola-clx, thanks for giving further feedback. I think adding a CSP strict policy to the login page only would only be a "Quick win". To make Matomo more secure,...

I think the check should still be there, but should ignore a missing value. So either ```php $array['dimensionValues'] ??= []; ``` at the beginning of the function or ```php if...