Allow CSP and SRI in UAT/test environments #24
Conversation
| --- | ||
| Firesphere\CSPHeaders\View\CSPBackend: | ||
| csp_config: | ||
| enabled: false |
There was a problem hiding this comment.
This would disable the headers in production...
There was a problem hiding this comment.
It's scoped to "Except" "Live", so should disable in all environments other than live.
There was a problem hiding this comment.
Yeah, nevermind, I mis-read it due to the collapsing that GitHub does.
| @@ -119,14 +119,14 @@ public function onBeforeInit() | |||
| { | |||
| /** @var ContentController $owner */ | |||
| $owner = $this->owner; | |||
| $this->addPolicyHeaders = Director::isLive() || static::checkCookie($owner->getRequest()); | |||
| $ymlConfig = CSPBackend::config()->get('csp_config'); | |||
| $this->addPolicyHeaders = ($ymlConfig['enabled'] ?? false) || static::checkCookie($owner->getRequest()); | |||
There was a problem hiding this comment.
Please add some automated tests for these changes
|
Please rebase to fix the issues? |
matt-in-a-hat
force-pushed
the
allow_csp_and_sri_in_uat
branch
from
3e56fab
to
08f284c
Compare
|
Could you please rebase this, so the automated tests will run? |
|
@matt-in-a-hat bump 🙂 |
|
@Firesphere possible to get this re-based / merged on behalf of the poster. Be good to have this testable in test :) |
Maybe during the long weekend? I might... Or pull it in to this repo for a specific |
The group 'administrators' can be renamed in the CMS by the end user so isn't a good thing to check against programmatically.
Firesphere
force-pushed
the
allow_csp_and_sri_in_uat
branch
from
08f284c
to
26d3d21
Compare
|
Okay, rebased, let's see where this leads :) (ping @wilr ) |
|
@matt-in-a-hat I've rebased and fixed up the tests (I think...) Please give it a final sanity-check? |
Codecov ReportBase: 93.54% // Head: 94.39% // Increases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## master #24 +/- ##
============================================
+ Coverage 93.54% 94.39% +0.84%
- Complexity 161 163 +2
============================================
Files 12 12
Lines 403 410 +7
============================================
+ Hits 377 387 +10
+ Misses 26 23 -3
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
|
Right, gonna merge this one in and see from there. Marking as a new beta release or something |
This makes it possible to configure the module such that CSP and SRI are enabled in test environments if desired. This reduces our chance of pushing code which is otherwise tested to production to then realise it gets blocked by CSP or the SRI isn't being calculated for some reason.
Fixes #22 including the issue of depending on a group named 'administrators' which can be renamed in the CMS.