Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Allow extra CSP domains #1610

Merged
merged 5 commits into from
May 31, 2022
Merged

feat: Allow extra CSP domains #1610

merged 5 commits into from
May 31, 2022

Conversation

chriswk
Copy link
Contributor

@chriswk chriswk commented May 19, 2022

When setting up our hosted instance we would really like to be allowed to add another domain to our allowed source domains, so that we can add plausible integration.

Co-authored-by: Fredrik Oseberg fredrik.no@gmail.com

@vercel
Copy link

vercel bot commented May 19, 2022
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment
Name Status Preview Updated
unleash-docs ⬜️ Ignored (Inspect) May 31, 2022 at 9:24AM (UTC)

@chriswk chriswk force-pushed the feat/allowExtraCspDomains branch from fe82272 to 5ab1c6b Compare May 19, 2022 14:32
@FredrikOseberg
feat: Allow extra CSP domains
44656e7 
Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
@chriswk chriswk force-pushed the feat/allowExtraCspDomains branch from ede3d85 to 93e5729 Compare May 24, 2022 08:56
@chriswk chriswk force-pushed the feat/allowExtraCspDomains branch from 93e5729 to a5f777c Compare May 24, 2022 08:56
@github-actions
Copy link

github-actions bot commented May 24, 2022
edited

Coverage report

St.
 Category Percentage Covered / Total
🟢 Statements 91.42% 5319/5818
🟡 Branches 79.96% 838/1048
🟢 Functions 86.31% 1229/1424
🟢 Lines 91.35% 5197/5689
Show new covered files 🐣
St.
 File Statements Branches Functions Lines
🟢
... / anonymise.ts
 100% 100% 100% 100%
🟢
... / feature-environment-response.ts
 100% 100% 100% 100%
🟢
... / feature-environment-schema.ts
 100% 100% 100% 100%
Show files with reduced coverage 🔻
St.
 File Statements Branches Functions Lines
🟢
... / feature-toggle-client-store.ts
98.55% (-1.45% 🔻)
 76.67% 100%
98.55% (-1.45% 🔻)
🟢
... / features.ts
 92.31% 100% 89.47% 92.31%
🟡
... / openapi-service.ts
68.75% (-12.5% 🔻)
12.5% (-50% 🔻)
62.5% (-12.5% 🔻)
68.75% (-12.5% 🔻)

Test suite run success

887 tests passing in 125 suites.

Report generated by 🧪jest coverage report action from e683d93

olav
olav suggested changes May 30, 2022
View reviewed changes
src/lib/middleware/secure-headers.ts Outdated
"'self'",
'cdn.getunleash.io',
'gravatar.com',
...config.additionalCspAllowedDomains?.defaultSrc,
Copy link
Contributor

@olav olav May 30, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will these spreads crash if additionalCspAllowedDomains is undefined?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, because if additionalCspAllowedDomains is undefined parseCspEnvironmentVariables() will trigger and provide defaults.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh right! Maybe additionalCspAllowedDomains can be required in IUnleashConfig then, to remove the ?s.

@FredrikOseberg FredrikOseberg merged commit 606270d into main May 31, 2022
@FredrikOseberg FredrikOseberg deleted the feat/allowExtraCspDomains branch May 31, 2022 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FredrikOseberg FredrikOseberg FredrikOseberg left review comments

@olav olav olav approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Issues and PRs
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@chriswk @olav @FredrikOseberg