Release 1877

@github-actions github-actions released this 13 Aug 12:30
cf8b81a

Trello card

https://trello.com/c/sr8HDii5

Context

Updating the Content Security Policy improves the overall security of the service.

Changes proposed in this pull request

  • Enable nonce only for inline scripts
    The Flipper gem and Google Maps do not support nonces for styles yet, so we can't enable it for inline styles.

  • Fix the font source for the Google fonts required by Google Maps

  • Allow connections only to the App Insights subdomain, instead of all the visualstudio.com subdomains

Guidance to review

You can check the header with curl or from the browser's dev tools.

You can also run through the pages with the Chrome dev tools console open to see if any related errors are logged.
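One way to script the header check, as an added example that is not code from this pull request: it parses a `Content-Security-Policy` value and reports deviations from the three changes listed above. The names `parse_csp` and `audit_csp` are hypothetical, the sample headers and the `insights-placeholder` host are constructed, and the use of `fonts.gstatic.com` as the font host is an assumption.

```ruby
# Added example, not project code. Sample header values are constructed.

# Split a CSP header value into { directive => [source expressions] }.
def parse_csp(header)
  header.split(';').map(&:strip).reject(&:empty?).each_with_object({}) do |part, policy|
    name, *sources = part.split(/\s+/)
    policy[name.downcase] ||= sources # a repeated directive is ignored by browsers
  end
end

NONCE = %r{\A'nonce-[A-Za-z0-9+/_-]+={0,2}'\z}

# Return findings; an empty list means the header matches the release notes.
def audit_csp(header)
  policy = parse_csp(header)
  fallback = policy.fetch('default-src', [])
  script, style, font, connect =
    %w[script-src style-src font-src connect-src].map { |d| policy.fetch(d, fallback) }
  findings = []

  findings << 'script-src has no nonce' unless script.any? { |s| s.match?(NONCE) }
  # A nonce in style-src would block inline styles that cannot carry one.
  findings << 'style-src carries a nonce' if style.any? { |s| s.match?(NONCE) }
  # Assumption: the Google fonts are fetched from fonts.gstatic.com.
  unless font.any? { |s| s.sub(%r{\Ahttps://}, '') == 'fonts.gstatic.com' }
    findings << 'font-src does not allow fonts.gstatic.com'
  end
  connect.each do |s|
    host = s.sub(%r{\A[a-z][a-z0-9+.-]*://}i, '').sub(%r{[:/].*\z}, '')
    next unless host == '*' || host.match?(/\A\*\.(.+\.)?visualstudio\.com\z/i)
    findings << "connect-src wildcard covers visualstudio.com: #{s}"
  end
  findings
end

# Constructed samples; insights-placeholder is a made-up host name.
TIGHT = "default-src 'self'; script-src 'self' 'nonce-abc123DEF456=='; " \
        "style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; " \
        "connect-src 'self' https://insights-placeholder.visualstudio.com"
LOOSE = "default-src 'self'; script-src 'self' 'unsafe-inline'; " \
        "style-src 'self' 'nonce-abc123'; font-src 'self' https://fonts.googleapis.com; " \
        'connect-src https://*.visualstudio.com'

puts audit_csp(TIGHT).inspect
puts audit_csp(LOOSE)
```

To audit a deployed page, pass the header value reported by `curl -sI` for that page to `audit_csp` in place of the constructed samples.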