CSP headers #1004
CSP headers #1004
Conversation
|
Deployed to https://test-deployment-pr-1004.herokuapp.com/ |
|
Kudos, SonarCloud Quality Gate passed!
|
# Conflicts: # build/Dockerfile # build/default.conf # proxy.conf.json # src/app/app.module.ts # src/environments/environment.ts
src/environments/environment.ts
Outdated
| @@ -30,7 +30,8 @@ export const environment = { | |||
| production: false, | |||
| appVersion: "0.0.0", // replaced automatically during docker build | |||
| repositoryId: "Aam-Digital/ndb-core", | |||
| remoteLoggingDsn: undefined, // only set for production mode in environment.prod.ts | |||
| remoteLoggingDsn: | |||
There was a problem hiding this comment.
the problem with this PR is sentry's client SDK - the Dsn is not just any URL. Proxying through "/logging" is not accepted by sentry init.
The "tunnel" option of sentry however requires a server-side rewrite of the request that doesn't seem to be doable just in nginx but would need a simple backend service.
Co-authored-by: Simon <simon@aam-digital.com>
|
Two limitations that only have workarounds:
|
|
deployed to https://dev.aam-digital.net for testing |
|
Deployed to https://pr-1004.aam-digital.net/ |
|
Kudos, SonarCloud Quality Gate passed!
|
|
🎉 This PR is included in version 3.22.0-master.10 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
|
🎉 This PR is included in version 3.22.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
see issue: #950
Adds Content-Security-Policy headers.
For deployment / migration:
CSP_REPORT_URIas environment var (get from sentry to send reports there https://aam-digital.sentry.io/settings/projects/aam-digital/security-headers/csp/ )CSPspecifying the full policy (necessary e.g. for dev server to allow *.aam-digital.net instead of *.aam-digital.com), start by copying the defalt from the Dockerfile.