WSTEAM1-1068: Add csp next #11694

Merged
merged 19 commits into from
Jun 6, 2024

Contributor

@shayneahchoon shayneahchoon commented Jun 3, 2024

Resolves JIRA WSTEAM1-1068

Overall changes

Add the following CSP headers onto the Next.js app:

policiesFromExpress = [
  'default-src',
  'child-src',
  'connect-src',
  'font-src',
  'frame-src',
  'img-src',
  'script-src',
  'style-src',
  'media-src',
  'worker-src',
  'report-to',
  'upgrade-insecure-requests',
];

Code changes

  • Next.js middleware function altered to append CSP onto both the request and response headers.
  • Helmet CSP function in the Express app refactored to prevent dependency resolution errors from Next.js app.

Testing

  1. List the steps used to test this PR.

Helpful Links

Add Links to useful resources related to this PR if applicable.

Coding Standards

Repository use guidelines
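
A check that could be run against a response's Content-Security-Policy header to confirm it carries every directive listed in the PR description, as an added example that is not part of this PR or the project's code. `parseCsp`, `auditCsp` and both sample headers are constructed for illustration.

```javascript
// Directive names copied from the PR description (policiesFromExpress).
const EXPECTED_DIRECTIVES = [
  'default-src', 'child-src', 'connect-src', 'font-src', 'frame-src',
  'img-src', 'script-src', 'style-src', 'media-src', 'worker-src',
  'report-to', 'upgrade-insecure-requests',
];

// Parse a Content-Security-Policy header value into directive -> values.
// Directive names are case-insensitive, and when a directive is repeated
// browsers keep the first occurrence and ignore the rest.
function parseCsp(headerValue) {
  const policy = new Map();
  const duplicates = [];
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // trailing ';' or empty segment
    const name = tokens[0].toLowerCase();
    if (policy.has(name)) {
      duplicates.push(name);
      continue;
    }
    policy.set(name, tokens.slice(1));
  }
  return { policy, duplicates };
}

// Compare a header against the expected directive list.
function auditCsp(headerValue, expected = EXPECTED_DIRECTIVES) {
  const { policy, duplicates } = parseCsp(headerValue || '');
  const missing = expected.filter((name) => !policy.has(name));
  // Present but valueless: a *-src directive then matches no source at all,
  // and report-to names no group. upgrade-insecure-requests takes no value.
  const empty = expected.filter((name) =>
    name !== 'upgrade-insecure-requests' &&
    policy.has(name) && policy.get(name).length === 0);
  const ok = missing.length + duplicates.length + empty.length === 0;
  return { ok, missing, duplicates, empty };
}

// Constructed sample headers (not taken from the project).
const SAMPLE_COMPLETE = EXPECTED_DIRECTIVES.map((name) => {
  if (name === 'upgrade-insecure-requests') return name;
  return name === 'report-to' ? 'report-to default' : `${name} 'self'`;
}).join('; ');
const SAMPLE_BROKEN =
  "Default-Src 'self'; script-src 'self'; script-src *; img-src; upgrade-insecure-requests;";

console.log(auditCsp(SAMPLE_COMPLETE));
console.log(auditCsp(SAMPLE_BROKEN));
```

Because the PR sets the policy on both the request and the response, the same audit can be applied to either header value.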

Contributor

@amoore108 amoore108 left a comment

Looks good! I'd test this on the Preview environment first against some Live page assets that have embeds/video players on them just to be sure.

Contributor

@emilysaffron emilysaffron left a comment

🎉

@shayneahchoon shayneahchoon merged commit 5d99249 into latest Jun 6, 2024
11 checks passed
@shayneahchoon shayneahchoon deleted the WSTEAM1-1068 branch June 6, 2024 15:31