Use logo placement server to place sidebar's logos (pypi#9979)

* Update hashes * Update CSP to accept etihcaldas script * Update breaking test for past date * Replace db logo placement by test one * Add integrity check * Update sha * Use pinned version for logo placement server * Add hashes for inline files * Use random ad from sidebar * Use direct include instead async request so the sponsors div is available to EthicalAds script * Update publisher ID * Update sponsor logo placement to use base side bar section class * Better display sponsor logo * Add new hashes to CSP tests * Try to pass on static lint build * Make translations Co-authored-by: Ee Durbin <ewdurbin@gmail.com>
domdfcoding · Jun 7, 2022 · 2f8d1e8 · 2f8d1e8
1 parent 4beee74
commit 2f8d1e8
Show file tree

Hide file tree

Showing 7 changed files with 119 additions and 95 deletions.
diff --git a/tests/unit/test_csp.py b/tests/unit/test_csp.py
@@ -216,15 +216,24 @@ def test_includeme():
                         "camo.url.value",
                         "www.google-analytics.com",
                         "*.fastly-insights.com",
+                        "*.ethicalads.io",
                     ],
                     "script-src": [
                         "'self'",
                         "www.googletagmanager.com",
                         "www.google-analytics.com",
                         "*.fastly-insights.com",
                         "https://cdn.ravenjs.com",
+                        "*.ethicalads.io",
+                        "'sha256-ozc1u5ldloj5JQ7atdxk8OzBc9sWZf84E9kk+qQuqfU='",
+                    ],
+                    "style-src": [
+                        "'self'",
+                        "fonts.googleapis.com",
+                        "*.ethicalads.io",
+                        "'sha256-3SFGwf4pbwaaParsaRO14/phF13lRoCzJal+Qb8dOlk='",
+                        "'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='",
                     ],
-                    "style-src": ["'self'", "fonts.googleapis.com"],
                     "worker-src": ["*.fastly-insights.com"],
                 }
             }

diff --git a/warehouse/csp.py b/warehouse/csp.py
@@ -99,15 +99,26 @@ def includeme(config):
                     config.registry.settings["camo.url"],
                     "www.google-analytics.com",
                     "*.fastly-insights.com",
+                    "*.ethicalads.io",
                 ],
                 "script-src": [
                     SELF,
                     "www.googletagmanager.com",
                     "www.google-analytics.com",
                     "*.fastly-insights.com",
                     "https://cdn.ravenjs.com",
+                    "*.ethicalads.io",
+                    # Hash for ethicalads-v1.3.0.min.js
+                    "'sha256-ozc1u5ldloj5JQ7atdxk8OzBc9sWZf84E9kk+qQuqfU='",
+                ],
+                "style-src": [
+                    SELF,
+                    "fonts.googleapis.com",
+                    "*.ethicalads.io",
+                    # Hashes for inline styles generated by ethicalads-v1.3.0.min.js
+                    "'sha256-3SFGwf4pbwaaParsaRO14/phF13lRoCzJal+Qb8dOlk='",
+                    "'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='",
                 ],
-                "style-src": [SELF, "fonts.googleapis.com"],
                 "worker-src": ["*.fastly-insights.com"],
             }
         }