Merge branch 'main' into fix-assets

TYPO3-Documentation · Sep 23, 2024 · 76c51ce · 76c51ce
2 parents 8fc019d + eef6ed5
commit 76c51ce
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 10 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 *.bak
 *.idea
 .Build/*
+config/
 *.project
 *.swp
 *NOT_VERSIONED*

diff --git a/Documentation/ApiOverview/CommandControllers/ListCommands.rst b/Documentation/ApiOverview/CommandControllers/ListCommands.rst
@@ -7,8 +7,6 @@
 List of TYPO3 console commands
 ==============================
 
-..  todo: List all common commands once https://forge.typo3.org/issues/103858 is resolved
-
 By default TYPO3 ships the listed console commands, depending
 on which system extensions are installed.
 
@@ -28,7 +26,8 @@ on legacy installations:
 List all TYPO3 console commands
 ===============================
 
-..  console:command:: list
+..  console:command-list::
     :json: commands.json
     :script: vendor/bin/typo3
     :exclude-option: help, quiet, verbose, version, ansi, no-ansi, no-interaction
+    :exclude-namespace: clinspector, codesnippet, examples, styleguide
diff --git a/Documentation/ApiOverview/CommandControllers/commands.json b/Documentation/ApiOverview/CommandControllers/commands.json
diff --git a/Documentation/ApiOverview/ContentSecurityPolicy/Index.rst b/Documentation/ApiOverview/ContentSecurityPolicy/Index.rst
@@ -36,9 +36,15 @@ web page context.
 Content Security Policy declarations can be applied to a TYPO3 website in
 frontend and backend scope with a dedicated API.
 
-To delegate Content Security Policy handling to TYPO3 frontend, the feature flag
-:ref:`security.frontend.enforceContentSecurityPolicy <typo3ConfVars_sys_features_security.frontend.enforceContentSecurityPolicy>`
-needs to be enabled.
+To delegate Content Security Policy handling to TYPO3 frontend, at least one of
+the feature flags
+
+*   :confval:`globals-typo3-conf-vars-sys-features-security-frontend-enforceContentSecurityPolicy`
+    (for enforcing)
+*   :confval:`globals-typo3-conf-vars-sys-features-security-frontend-reportContentSecurityPolicy`
+    (for report-only mode, available since TYPO3 v12.4.20)
+
+need to be enabled.
 
 ..  versionchanged:: 13.0
 

diff --git a/Documentation/Configuration/Typo3ConfVars/SYS.rst b/Documentation/Configuration/Typo3ConfVars/SYS.rst
@@ -656,7 +656,29 @@ configurations.
         :Default: false
 
         If enabled, the :ref:`Content Security Policy <content-security-policy>`
-        is applied in frontend scope.
+        is enforced in frontend scope (HTTP header `Content-Security-Policy`).
+
+        This option can be enabled in combination with
+        :confval:`globals-typo3-conf-vars-sys-features-security-frontend-reportContentSecurityPolicy`.
+        Then both headers are set.
+
+    ..  _typo3ConfVars_sys_features_security.frontend.reportContentSecurityPolicy:
+
+    ..  confval:: security.frontend.reportContentSecurityPolicy
+        :name: globals-typo3-conf-vars-sys-features-security-frontend-reportContentSecurityPolicy
+        :Path: $GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.frontend.reportContentSecurityPolicy']
+        :type: bool
+        :Default: false
+
+        ..  versionadded:: 12.4.20
+
+        If enabled, the :ref:`Content Security Policy <content-security-policy>`
+        is applied in frontend scope as report-only (HTTP header
+        `Content-Security-Policy-Report-Only`).
+
+        This option can be enabled in combination with
+        :confval:`globals-typo3-conf-vars-sys-features-security-frontend-enforceContentSecurityPolicy`.
+        Then both headers are set.
 
     ..  _typo3ConfVars_sys_features_security.frontend.allowInsecureFrameOptionInShowImageController:
 

diff --git a/Makefile b/Makefile
@@ -16,15 +16,20 @@ test-docs: ## Test the documentation rendering
 	docker run --rm --pull always -v "$(shell pwd)":/project -t ghcr.io/typo3-documentation/render-guides:latest --config=Documentation --no-progress --fail-on-log
 
 .PHONY: generate
-generate: codesnippets command-json ## Regenerate automatic code documentation
+generate: setup-typo3 codesnippets command-json ## Regenerate automatic code documentation
 
 .PHONY: codesnippets
 codesnippets: ## Regenerate code snippets
 	ddev exec .Build/bin/typo3 codesnippet:create Documentation/
 
+.PHONY: setup-typo3
+setup-typo3: ## Setup TYPO3 stub
+	ddev exec '.Build/bin/typo3 setup --driver=sqlite --username=db --password=db --admin-username=john-doe --admin-user-password="John-Doe-1701D." --admin-email="[email protected]" --project-name="TYPO3 Docs" --no-interaction --server-type=apache --force'
+
 .PHONY: command-json
 command-json: ## Regenerate JSON file containing all console commands
-	ddev exec .Build/bin/typo3 list --format=json > Documentation/ApiOverview/CommandControllers/commands.json
+	ddev exec .Build/bin/typo3 clinspector:gadget > Documentation/ApiOverview/CommandControllers/commands.json
+	echo "" >> Documentation/ApiOverview/CommandControllers/commands.json
 
 .PHONY: test-lint
 test-lint: ## Regenerate code snippets

diff --git a/composer.json b/composer.json
@@ -9,6 +9,7 @@
     "require-dev": {
         "ergebnis/composer-normalize": "~2.41.0",
         "friendsofphp/php-cs-fixer": "^3.46",
+        "garvinhicking/clinspector-gadget": "^0.1.1",
         "symfony/yaml": "^7.0",
         "t3docs/blog-example": "dev-main",
         "t3docs/codesnippet": "dev-main",