Missing or insecure "Content-Security-Policy" header (API) #5757

Merged: 3 commits, Nov 12, 2021

@Venkatesh-rengasamy Venkatesh-rengasamy commented Sep 20, 2021

Signed-off-by: Venkatesh-rengasamy vrengasa@progress.com

🔩 Description: What code changed, and why?

Add Content-Security-Policy header to resolve blank screen after SAML sign-in.

⛓️ Related Resources

#4856

👍 Definition of Done

👟 How to Build and Test the Change

Log in to a SAML account and see that you get the home page instead of a blank screen.

✅ Checklist

All PRs must tick these:

With occasional exceptions, all PRs from Progress employees must tick these:

  • Is the code clear? (complicated code or lots of comments--subdivide and use well-named methods, meaningful variable names, etc.)
  • Consistency checked? (user notifications, user prompts, visual patterns, code patterns, variable names)
  • Repeated code blocks eliminated? (adapt and reuse existing components, blocks, functions, etc.)
  • Spelling, grammar, typos checked? (at a minimum use make spell in any component directory)
  • Code well-formatted? (indents, line breaks, etc. improve rather than hinder readability)

All PRs from Progress employees should tick these if appropriate:

  • Tests added/updated? (all new code needs new tests)
  • Docs added/updated? (all customer-facing changes)

Please add a note next to any checkbox above if you are NOT ticking it.

📷 Screenshots, if applicable


netlify bot commented Sep 20, 2021

✔️ Deploy Preview for chef-automate ready!

🔨 Explore the source changes: 83f5676

🔍 Inspect the deploy log: https://app.netlify.com/sites/chef-automate/deploys/618c118ac81a7d0007a5d11f

😎 Browse the preview: https://deploy-preview-5757--chef-automate.netlify.app

@Venkatesh-rengasamy Venkatesh-rengasamy linked an issue Sep 20, 2021 that may be closed by this pull request
@Venkatesh-rengasamy Venkatesh-rengasamy added security automate-ui Team: Kinetic Analysis, user managerment, compliance size, govt findings, Telemetry, Customer bugs, CVE issues labels Sep 20, 2021

sonarcloud bot commented Sep 21, 2021

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)

No Coverage information
No Duplication information

@Venkatesh-rengasamy Venkatesh-rengasamy marked this pull request as ready for review September 21, 2021 09:00
@Venkatesh-rengasamy Venkatesh-rengasamy requested a review from a team as a code owner November 5, 2021 13:42
@github-actions github-actions bot added the documentation Anything related to the Automate docs. label Nov 5, 2021
@kalroy kalroy force-pushed the venkatesh/content_sec_policy branch from 8a95162 to 789f293 Compare November 5, 2021 13:57
@kalroy kalroy requested a review from Dmaddu November 8, 2021 11:23

@Dmaddu Dmaddu left a comment

looks good to me

@kagarmoe kagarmoe changed the title Missing or insecure "Content-Security-Policy" header Missing or insecure "Content-Security-Policy" header (API) Nov 9, 2021

kagarmoe commented Nov 9, 2021

I added (API) to the title to prompt myself about this.

Signed-off-by: Venkatesh-rengasamy <vrengasa@progress.com>
Signed-off-by: Venkatesh-rengasamy <vrengasa@progress.com>
Signed-off-by: Kallol Roy <karoy@progress.com>
@kalroy kalroy force-pushed the venkatesh/content_sec_policy branch from 789f293 to 83f5676 Compare November 10, 2021 18:38

sonarcloud bot commented Nov 10, 2021

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)

No Coverage information
No Duplication information

@kalroy kalroy merged commit c4b99fa into main Nov 12, 2021
@kalroy kalroy deleted the venkatesh/content_sec_policy branch November 12, 2021 06:08
Labels
acceptance: internal automate-ui documentation Anything related to the Automate docs. security Team: Kinetic Analysis, user managerment, compliance size, govt findings, Telemetry, Customer bugs, CVE issues
Development

Successfully merging this pull request may close these issues.

Missing or insecure "Content-Security-Policy" header
5 participants