This repository was archived by the owner on Oct 29, 2020. It is now read-only.

Enables CSP (Content-Security-Policy) in Report-only mode #5774

Merged: sergiitk merged 3 commits into DoSomethingArchive:dev from sergiitk:enable-csp on Nov 16, 2015

@sergiitk
Contributor

What's this PR do?

  • Exports default CSP settings to a feature
  • Sets up CSP directives
  • Enables CSP in Report-only mode

Any background context you want to provide?

default-src: 'self' *.dosomething.org
script-src: 'self' 'unsafe-inline' 'unsafe-eval' *.dosomething.org *.google-analytics.com
style-src: 'self' 'unsafe-inline' *.dosomething.org
img-src: 'self' 'unsafe-inline' *.dosomething.org *.google-analytics.com data:

The module will log the report data into the watchdog.

What are the relevant tickets?

Fixes #5392.
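
As an added example (not code from this pull request or from the CSP module), the JavaScript below serializes the directives listed above into a report-only header value, flags the source keywords that weaken the policy or have no effect in their directive, and tallies violation reports so recurring breakage is visible before enforcement is considered. The sample reports and the example.test hosts are constructed, and the function names are hypothetical.

```javascript
// Directive values copied from the PR description; everything else is illustrative.
const POLICY = {
  'default-src': ["'self'", '*.dosomething.org'],
  'script-src': ["'self'", "'unsafe-inline'", "'unsafe-eval'", '*.dosomething.org', '*.google-analytics.com'],
  'style-src': ["'self'", "'unsafe-inline'", '*.dosomething.org'],
  'img-src': ["'self'", "'unsafe-inline'", '*.dosomething.org', '*.google-analytics.com', 'data:'],
};

// Value for the Content-Security-Policy-Report-Only response header.
function buildHeaderValue(policy) {
  return Object.entries(policy).map(([name, sources]) => `${name} ${sources.join(' ')}`).join('; ');
}

// 'unsafe-inline' and 'unsafe-eval' only matter where scripts or styles are governed.
function auditPolicy(policy) {
  const governsInline = ['default-src', 'script-src', 'style-src'];
  const findings = [];
  for (const [directive, sources] of Object.entries(policy)) {
    for (const source of sources) {
      if (source !== "'unsafe-inline'" && source !== "'unsafe-eval'") continue;
      const issue = governsInline.includes(directive) ? 'weakens-policy' : 'no-effect';
      findings.push({ directive, source, issue });
    }
  }
  return findings;
}

// Count reports per "directive blocked-origin" so recurring breakage stands out.
function summarizeReports(bodies) {
  const counts = {};
  for (const body of bodies) {
    let report;
    try { report = JSON.parse(body)['csp-report']; } catch (e) { continue; } // skip malformed bodies
    if (!report) continue;
    const directive = (report['effective-directive'] || report['violated-directive'] || 'unknown').split(' ')[0];
    let blocked = report['blocked-uri'] || 'unknown';
    try { blocked = new URL(blocked).origin; } catch (e) { /* keyword such as "inline" or "eval" */ }
    const key = `${directive} ${blocked}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Constructed sample report bodies (legacy report-uri JSON format).
const SAMPLE_REPORTS = [
  JSON.stringify({ 'csp-report': { 'effective-directive': 'font-src', 'blocked-uri': 'https://fonts.example.test/a.woff' } }),
  JSON.stringify({ 'csp-report': { 'effective-directive': 'font-src', 'blocked-uri': 'https://fonts.example.test/b.woff' } }),
  JSON.stringify({ 'csp-report': { 'violated-directive': "script-src 'self'", 'blocked-uri': 'inline' } }),
  'not json',
];
console.log(buildHeaderValue(POLICY), auditPolicy(POLICY), summarizeReports(SAMPLE_REPORTS));
```

The audit reports 'unsafe-inline' in img-src as having no effect because that keyword only applies to inline script and style.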

@sheyd
sheyd commented Nov 16, 2015

👍

sergiitk added a commit that referenced this pull request Nov 16, 2015
Enables CSP (Content-Security-Policy) in Report-only mode
@sergiitk sergiitk merged commit 7201077 into DoSomethingArchive:dev Nov 16, 2015
@sergiitk sergiitk deleted the enable-csp branch November 16, 2015 14:39
@sergiitk
Contributor Author

Fixes #4378.

@sheyd
sheyd commented Nov 16, 2015

👍
