-
-
Notifications
You must be signed in to change notification settings - Fork 658
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Integrations quality updates #4677
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
const mediaSrc = process.env.CSP_ALLOWED_MEDIA?.split(',') || []; | ||
const objectSrc = process.env.CSP_ALLOWED_OBJECT?.split(',') || []; | ||
const frameSrc = process.env.CSP_ALLOWED_FRAME?.split(',') || []; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Up until now this was derived from "default CSP". If someone depended on default CSP to embed frames/objects/media this has a potential to break things.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It makes sense to support all, but I really struggle to see the value of custom values here.
@@ -21,6 +21,8 @@ import type { AddonSchema } from 'openapi'; | |||
import useAddons from 'hooks/api/getters/useAddons/useAddons'; | |||
import useToast from 'hooks/useToast'; | |||
import { formatUnknownError } from 'utils/formatUnknownError'; | |||
import { Dialogue } from 'component/common/Dialogue/Dialogue'; | |||
import { event } from 'cypress/types/jquery'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
import { event } from 'cypress/types/jquery'; |
- You can set the environment variable CSP_ALLOWED_SCRIPT to allow new scriptSrc (comma separated list) | ||
- You can set the environment variable CSP_ALLOWED_IMG to allow new imgSrc (comma separated list) | ||
- You can set the environment variable CSP_ALLOWED_CONNECT to allow new connectSrc (comma separated list) | ||
- **additionalCspAllowedDomains** (CspAllowedDomains) - use this when you want to enable security headers but have additional domains you need to allow traffic to you can set the following environment variables: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- **additionalCspAllowedDomains** (CspAllowedDomains) - use this when you want to enable security headers but have additional domains you need to allow traffic to you can set the following environment variables: | |
- **additionalCspAllowedDomains** (CspAllowedDomains) - use this when you want to enable security headers but have additional domains you need to allow traffic to. You can set the following environment variables: |
About the changes
Fix issues uncovered when reviewing integrations list and form.