CSP header adjustments (backport #3068) #3075

Merged
merged 4 commits into from
Jul 21, 2021

mergify[bot]

@mergify mergify bot commented Jul 21, 2021

This is an automatic backport of pull request #3068 done by Mergify.

AP-1507


@mergify mergify bot requested a review from a team as a code owner July 21, 2021 06:38
@bjoernricks
Contributor

@Mergifyio rebase

@bjoernricks bjoernricks enabled auto-merge July 21, 2021 07:15
Remove frame-ancestors completely because it isn't included into an
iframe anymore. If this is still required the CSP settings can be
adjusted via a command line parameter.

More importantly, don't allow executing JavaScript from inline HTML, only
from referenced JavaScript files.

But allow loading CSS from inline <style> elements via style-src-elem
(not supported by Firefox yet) and style-src CSP settings.

Fixes AP-1507

(cherry picked from commit 9c6bd5b)
(cherry picked from commit 279466b)
From https://create-react-app.dev/docs/advanced-configuration

> By default, Create React App will embed the runtime script into
> index.html during the production build. When set to false, the script
> will not be embedded and will be imported as usual. This is normally
> required when dealing with CSP.

(cherry picked from commit 44c7121)
(cherry picked from commit a6a9cea)
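
The three policy properties named in the first commit message above (no inline script, inline `<style>` allowed through both style-src-elem and style-src, no frame-ancestors) can be checked mechanically. The following is an added example, not code from this pull request or the project; the function names and the sample policy string are assumptions made for illustration.

```javascript
// Added example: audit a CSP header for the properties the commit message names.
// The policies passed in are constructed samples, not the project's real header.

// Parse "name v1 v2; name2 v3" into a Map. Per the CSP spec the first
// occurrence of a directive wins and later duplicates are ignored.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, values);
  }
  return directives;
}

// Return the source list of the first directive present in the fallback
// chain, or null when none is present (nothing is restricted).
function effective(directives, chain) {
  for (const name of chain) {
    if (directives.has(name)) return directives.get(name);
  }
  return null;
}

// 'unsafe-inline' is ignored by CSP2+ browsers once a nonce or hash is listed.
function allowsInline(sources) {
  if (sources === null) return true; // no applicable directive: no restriction
  const lower = sources.map(s => s.toLowerCase());
  const hasNonceOrHash = lower.some(s => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

function auditCsp(header) {
  const d = parseCsp(header);
  return {
    inlineScript: allowsInline(effective(d, ['script-src-elem', 'script-src', 'default-src'])),
    inlineStyleElem: allowsInline(effective(d, ['style-src-elem', 'style-src', 'default-src'])),
    // What a browser without style-src-elem support evaluates for <style>.
    inlineStyleLegacy: allowsInline(effective(d, ['style-src', 'default-src'])),
    // frame-ancestors never falls back to default-src.
    framingRestricted: d.has('frame-ancestors'),
  };
}

// Constructed sample policy with the shape the commit message describes.
const SAMPLE = "default-src 'self'; script-src 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
console.log(auditCsp(SAMPLE));
```

`inlineStyleLegacy` shows why the commit sets style-src as well: a browser that does not implement style-src-elem ignores it and applies style-src to `<style>` elements.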
@swaterkamp swaterkamp force-pushed the mergify/bp/master/pr-3068 branch from 9c8b0c7 to b08565f Compare July 21, 2021 07:16
@mergify
Author

mergify bot commented Jul 21, 2021

Command rebase: success

Branch has been successfully rebased

@codecov

codecov bot commented Jul 21, 2021

Codecov Report

Merging #3075 (9c8b0c7) into master (000967f) will increase coverage by 19.69%.
The diff coverage is 67.66%.

❗ Current head 9c8b0c7 differs from pull request most recent head b08565f. Consider uploading reports for the commit b08565f to get more accurate results

@@             Coverage Diff             @@
##           master    #3075       +/-   ##
===========================================
+ Coverage   36.73%   56.42%   +19.69%     
===========================================
  Files         991     1036       +45     
  Lines       22191    25168     +2977     
  Branches     6110     7197     +1087     
===========================================
+ Hits         8151    14202     +6051     
+ Misses      12715     9910     -2805     
+ Partials     1325     1056      -269     
Impacted Files Coverage Δ
gsa/src/gmp/cancel.js 100.00% <ø> (ø)
gsa/src/gmp/capabilities/capabilities.js 100.00% <ø> (ø)
gsa/src/gmp/capabilities/everything.js 100.00% <ø> (ø)
gsa/src/gmp/collection/collectioncounts.js 82.60% <ø> (+47.82%) ⬆️
gsa/src/gmp/command.js 100.00% <ø> (ø)
gsa/src/gmp/commands/alerts.js 14.28% <0.00%> (ø)
gsa/src/gmp/commands/auth.js 100.00% <ø> (ø)
gsa/src/gmp/commands/certbund.js 63.63% <ø> (ø)
gsa/src/gmp/commands/cpes.js 63.63% <ø> (ø)
gsa/src/gmp/commands/credentials.js 18.91% <ø> (ø)
... and 1166 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f2b84d6...b08565f. Read the comment docs.

@bjoernricks bjoernricks merged commit 5001e9f into master Jul 21, 2021
@bjoernricks bjoernricks deleted the mergify/bp/master/pr-3068 branch July 21, 2021 07:21