fix: Avoid CSP related warnings in console on booking pages. #14072

Merged
hariombalhara merged 3 commits into main from disable-report-only-mode
Mar 15, 2024

Conversation

@hariombalhara
Member

@hariombalhara hariombalhara commented Mar 13, 2024

What does this PR do?

Fixes #13844

We are disabling Report-only CSP mode now. It was added so that we can observe the errors that would come if we enable CSP and work towards fixing them. As we are not actively working towards fixing them, it doesn't make sense to keep the mode enabled.

These are some of the reasons we get CSP warnings on booking pages as of now.

  1. Analytics scripts
  2. Embeds use app.cal.com, which accesses cal.com, which isn't whitelisted.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How should this be tested?

Set CSP_POLICY='non-strict' in .env

  • After that, visit app.cal.com/teampro and notice that it is serving the CONTENT-SECURITY-POLICY-REPORT-ONLY header on main.
  • In this branch, the header shouldn't be served.

Mandatory Tasks

  • Make sure you have self-reviewed the code. A decent size PR without self-review might be rejected.

Checklist

  • I haven't added tests that prove my fix is effective or that my feature works
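An added example (not cal.com's code) of the header check the testing steps above describe: classify which CSP header a response sends, and test whether an origin such as cal.com is allowed by a directive. It works on constructed header values rather than fetching app.cal.com/teampro, and the origin matcher is a simplification of the CSP spec.

```typescript
// Added example, not part of the cal.com code base. Header values are
// constructed samples; no network request is made.

type HeaderMap = Record<string, string>;   // lower-cased header name -> value
type Policy = Record<string, string[]>;    // directive -> source list
type CspMode = "enforced" | "report-only" | "none";

// Which CSP header the server sent. Before this PR, CSP_POLICY='non-strict'
// produced Content-Security-Policy-Report-Only; after it, neither is served.
function cspMode(headers: HeaderMap): CspMode {
  if ("content-security-policy" in headers) return "enforced";
  if ("content-security-policy-report-only" in headers) return "report-only";
  return "none";
}

// Parse "directive src src; directive2 src ..." into directive -> sources.
function parseCsp(value: string): Policy {
  const policy: Policy = {};
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [directive, ...sources] = tokens;
    policy[directive.toLowerCase()] = sources;
  }
  return policy;
}

// Does `directive` (falling back to default-src) allow `origin`?
// Simplified matcher: handles 'self', '*', exact hosts and *.host
// wildcards; it ignores the scheme/port/path rules of the CSP spec.
function isOriginAllowed(policy: Policy, directive: string, origin: string, self: string): boolean {
  const sources = policy[directive] ?? policy["default-src"] ?? [];
  const hostOf = (u: string) => (u.replace(/^https?:\/\//, "").split("/")[0] ?? "");
  const host = hostOf(origin);
  return sources.some((src) => {
    if (src === "'self'") return origin === self;
    if (src === "*") return true;
    const srcHost = hostOf(src);
    if (srcHost.startsWith("*.")) return host.endsWith(srcHost.slice(1));
    return srcHost === host;
  });
}

// Constructed sample: a report-only header like the one a 'non-strict' policy
// served on main. cal.com is absent from connect-src, matching reason 2 above.
const sampleHeaders: HeaderMap = {
  "content-security-policy-report-only":
    "default-src 'self'; script-src 'self' https://app.cal.com; connect-src 'self' https://app.cal.com",
};
```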


@github-actions github-actions Bot added the ❗️ .env changes contains changes to env variables label Mar 13, 2024


Comment thread .env.example
# NEXT_PUBLIC_DISABLE_SIGNUP=true
NEXT_PUBLIC_DISABLE_SIGNUP=

# Set this to 'non-strict' to enable CSP for support pages. 'strict' isn't supported yet. Also, check the README for details.
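Review bot: the comment above the CSP_POLICY setting should say what 'non-strict' does after this change, since the behaviour it describes has moved: the report-only header is no longer sent, so someone enabling it per the README will see no CSP header at all on booking pages. Suggest something like `# Set this to 'non-strict' to enable CSP for supported pages. Report-only mode is disabled (see #13844); 'strict' isn't supported yet.` "support pages" also reads as a typo for "supported pages".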
Member Author


Missing documentation

Comment thread apps/web/lib/csp.ts
const name = enforced ? "Content-Security-Policy" : /*"Content-Security-Policy-Report-Only"*/ null;

if (!name) {
return {
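Review bot: the commented-out `"Content-Security-Policy-Report-Only"` inside the ternary on the first line is dead code that a later reader may simply uncomment; either delete it or replace it with a comment stating why the report-only branch is disabled (this PR, #13844) and what has to happen before it comes back, namely whitelisting the analytics scripts and the cal.com origin the description lists. Worth stating in the README as well that with neither header sent there is now no signal about CSP violations, so re-enabling report-only is the first step when work on 'strict' resumes.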
Member Author


This is the same return value we do in similar cases above.

@hariombalhara hariombalhara changed the title Disable report only mode for CSP fix: Avoid CSP related warnings in console on booking pages. Mar 13, 2024
@hariombalhara hariombalhara self-assigned this Mar 13, 2024
@hariombalhara hariombalhara marked this pull request as ready for review March 13, 2024 13:01
@graphite-app graphite-app Bot requested a review from a team March 13, 2024 13:01
@github-actions
Contributor

github-actions Bot commented Mar 13, 2024

📦 Next.js Bundle Analysis for @calcom/web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

@deploysentinel

deploysentinel Bot commented Mar 13, 2024

Current Playwright Test Results Summary

✅ 303 Passing - ⚠️ 15 Flaky

@graphite-app

graphite-app Bot commented Mar 13, 2024

Graphite Automations

"Add consumer team as reviewer" took an action on this PR • (03/13/24)

1 reviewer was added to this PR based on Keith Williams's automation.

Contributor

@emrysal emrysal left a comment


👍

@hariombalhara hariombalhara enabled auto-merge (squash) March 14, 2024 08:03
@github-actions github-actions Bot added embed area: embed, widget, react embed linear Sync Github Issue from community members to Linear.app Medium priority Created by Linear-GitHub Sync 🐛 bug Something isn't working labels Mar 14, 2024
@CLAassistant

CLAassistant commented Mar 15, 2024

CLA assistant check
All committers have signed the CLA.

@hariombalhara hariombalhara merged commit 8fe8beb into main Mar 15, 2024
@hariombalhara hariombalhara deleted the disable-report-only-mode branch March 15, 2024 15:42

Development

Successfully merging this pull request may close these issues.

[ERROR] Refused to execute inline script because it violates the following Content Security Policy