Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set frame-ancestors to none if none are filled #24189

Merged
merged 1 commit into from
Nov 18, 2020
Merged

Set frame-ancestors to none if none are filled #24189

merged 1 commit into from
Nov 18, 2020

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented Nov 17, 2020

frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma roeland@famdouma.nl

@rullzer rullzer added this to the Nextcloud 21 milestone Nov 17, 2020
@juliusknorr
Copy link
Member

Seems some tests need adjustments.

@juliusknorr juliusknorr added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Nov 17, 2020
@rullzer rullzer force-pushed the enh/csp/frame-ancestors branch from 04d0357 to 70a3a36 Compare November 17, 2020 19:21
@rullzer
Set frame-ancestors to none if none are filled
9163790 
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer force-pushed the enh/csp/frame-ancestors branch from 70a3a36 to 9163790 Compare November 18, 2020 09:13
@faily-bot
Copy link

faily-bot bot commented Nov 18, 2020

🤖 beep boop beep 🤖

Here are the logs for the failed build:

Status of 35668: failure

mysql8.0-php7.4

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There was 1 failure:

1) Test\Files\ObjectStore\ObjectStoreStorageTest::testMoveOverwrite with data set #1 ('/source.txt', '/target with space.txt')
Expected /target with space.txt to be a copy of /drone/src/tests/data/lorem.txt
Failed asserting that false matches expected 'Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.\n
Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.\n
Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.\n
Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.'.

/drone/src/tests/lib/Files/Storage/Storage.php:222
/drone/src/tests/lib/Files/Storage/Storage.php:277

@rullzer rullzer added 4. to release Ready to be released and/or waiting for tests to finish and removed 2. developing Work in progress labels Nov 18, 2020
@rullzer rullzer merged commit 66013f9 into master Nov 18, 2020
@rullzer rullzer deleted the enh/csp/frame-ancestors branch November 18, 2020 10:29
@rullzer
Copy link
Member Author

rullzer commented Dec 1, 2020

/backport to stable20

1 similar comment
@rullzer
Copy link
Member Author

rullzer commented Dec 1, 2020

/backport to stable20

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Dec 1, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliusknorr juliusknorr juliusknorr approved these changes

@nickvergessen nickvergessen nickvergessen approved these changes

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish enhancement security
Projects
None yet
Milestone
Nextcloud 21
Development

Successfully merging this pull request may close these issues.
3 participants
@rullzer @juliusknorr @nickvergessen