
chore(frontend): add X-Frame-Options header #2538

Merged: 1 commit merged from s2-x-frame into main on Mar 15, 2024

Conversation

sabineschaller (Member)

Changes proposed in this pull request

I think this is my first frontend PR ever 😂
Adds X-Frame-Options header to Admin UI.

Context

Checklist

  • Related issues linked using fixes #number
  • Tests added/updated
  • Documentation added
  • Make sure that all checks pass
  • Bruno collection updated

github-actions bot added the label "pkg: frontend" (Changes in the frontend package.) on Mar 14, 2024

netlify bot commented Mar 14, 2024

Deploy Preview for brilliant-pasca-3e80ec failed.

Latest commit: bb93a88
Latest deploy log: https://app.netlify.com/sites/brilliant-pasca-3e80ec/deploys/65f2cf91c0ab690008f77aca

JoblersTune (Collaborator)

LGTM

mkurapov (Contributor)

sabineschaller (Member, Author)

Should we add the Content-Security-Policy: frame-ancestors 'self'; header as well?
https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html#defending-with-content-security-policy-csp-frame-ancestors-directive

The limitation of that mentioned in the cheat sheet is that X-Frame-Options takes priority.
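Added example, not code from this PR or its project: a small JavaScript model of how a browser decides whether a page served with these two headers may be embedded by another origin, useful for checking what an Admin UI's header configuration actually permits. It follows the precedence defined in CSP Level 3, where an enforced frame-ancestors directive is applied and X-Frame-Options is ignored, so X-Frame-Options only acts as the fallback for browsers without CSP support; the header values and origins are constructed sample values.

```javascript
// Added example, not code from this PR or its project: a model of how a browser
// decides whether a page may be embedded, given its anti-clickjacking headers.
// Precedence follows CSP Level 3: an enforced frame-ancestors directive is applied
// and X-Frame-Options is then ignored; X-Frame-Options matters only without CSP.
// Headers are keyed exactly as below (constructed sample values for an admin UI).
function clickjackingHeaders() {
  return {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': "frame-ancestors 'self'"
  }
}

// Returns the frame-ancestors source list, or null when the directive is absent.
function parseFrameAncestors(csp) {
  if (!csp) return null
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/)
    if (name.toLowerCase() === 'frame-ancestors') return sources
  }
  return null
}

// Does one frame-ancestors source expression match the embedding origin?
// Handles 'none', 'self', *, scheme-only (https:) and host sources with an
// optional *. wildcard; port matching is omitted for brevity.
function sourceMatches(source, pageOrigin, ancestorOrigin) {
  const s = source.toLowerCase()
  if (s === "'none'") return false
  if (s === "'self'") return ancestorOrigin.toLowerCase() === pageOrigin.toLowerCase()
  if (s === '*') return true
  const ancestor = new URL(ancestorOrigin)
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.protocol === s
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::\d+)?$/.exec(s)
  if (!m) return false
  const [, scheme, wildcard, host] = m
  if (scheme && ancestor.protocol !== scheme + ':') return false
  return wildcard ? ancestor.hostname.endsWith('.' + host) : ancestor.hostname === host
}

// true when a page served with these headers may be framed by ancestorOrigin.
function canBeFramedBy(headers, pageOrigin, ancestorOrigin) {
  const sources = parseFrameAncestors(headers['Content-Security-Policy'])
  if (sources) return sources.some((src) => sourceMatches(src, pageOrigin, ancestorOrigin))
  const xfo = (headers['X-Frame-Options'] || '').trim().toUpperCase()
  if (xfo === 'DENY') return false
  if (xfo === 'SAMEORIGIN') return ancestorOrigin.toLowerCase() === pageOrigin.toLowerCase()
  return true // no header at all: any site may embed the page
}
```

Sending both headers, as the comment suggests, covers browsers with and without CSP support; the model above shows that once frame-ancestors is present it alone decides.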

@sabineschaller sabineschaller merged commit ce7e7d1 into main Mar 15, 2024
18 of 22 checks passed
@sabineschaller sabineschaller deleted the s2-x-frame branch March 15, 2024 07:33
sabineschaller added a commit that referenced this pull request Mar 19, 2024
* feat(backend): webhook max retry

* fix: tighten filter

* Update packages/documentation/src/content/docs/integration/deployment.md

Co-authored-by: Max Kurapov <max@interledger.org>

* test: address review feedback

* chore: add feature requests to contributing.md (#2542)

* chore: enable graphql protection - maxDepth, blockFieldSuggestions, maxCost (#2537)

* chore: add graphql depth restriction

* feat: properly enable graphql armor

* style: remove unnecessary space

* chore: add armor to auth admin server

* fix(deps): update module github.com/aws/aws-sdk-go to v1.50.38 (#2543)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency @interledger/open-payments to v6.7.2 (#2544)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(frontend): add X-Frame-Options header (#2538)

* chore(deps): update dependency @types/lodash to ^4.17.0 (#2546)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency @types/react to ^18.2.66 (#2545)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency @interledger/open-payments to v6.8.0 (#2547)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update module github.com/aws/aws-sdk-go to v1.51.0 (#2548)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency @interledger/docs-design-system to ^0.3.2 (#2549)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency axios to v1.6.8 (#2556)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency isbot to v5 (#2553)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update typescript-eslint monorepo to v7 (#2552)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update dependency koa to ^2.15.1 (#2551)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency postcss to ^8.4.36 (#2559)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update helm release redis to v18.19.3 (#2561)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(bruno): use polling in grant continuation (#2550)

* chore: fetch latest OP schemas

* feat(bruno): use polling for grant continuation

* docs: update

* fix: bruno tests

* chore(deps): update pnpm to v8.15.5 (#2563)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(telemetry): LIVENET now points to new livenet NLB (#2523)

* feat(telemetry): LIVENET now points to new livenet NLB

* Update packages/backend/src/config/app.ts

Co-authored-by: Max Kurapov <max@interledger.org>

* Update packages/backend/src/config/app.ts

Co-authored-by: Max Kurapov <max@interledger.org>

---------

Co-authored-by: Max Kurapov <max@interledger.org>
Co-authored-by: Sabine Schaller <sabine@interledger.org>

* feat(auth): improve GNAP error responses (#2400)

* feat(auth): improve GNAP error responses

* fix: add extra arg to ctx.throw

* feat: middleware error improvements

* feat: add error messages to grant details endpoint

* fix: update error messages in grant routes

* feat: create utility function to generate GNAP errors, create enum for GNAP error codes

* feat: helper function throws instead of generates response

* feat: integration tests (#2380)

* feat: setup basic test env

* feat: seed integration environment

- cmd to start integration environment and run tests
- seeds environment on test run
- extracts common MASE functionality into new mock-account-servicing-lib

* refactor(localenv,integration): move graphql url to config from seed

- moves graphql url to config from seed
- also removes self section which only contained unused properties

* refactor: move testenv configuration into new dir

* refactor: cleanup env vars

* feat: add webhook server, fix env vars

* chore: comment

* feat: start grant request test

* fix: eslint errors

* fix: docker compose env vars

* feat: add --build arg

* fix: incoming-payment grant initiation request

Grant request was failing with invalid signature. This was fixed by directing the backend to use the same private key being used to create the open payments client.

* fix: ts error

* feat: implement tests through Create Quote

* chore: upgrade op client

* feat: partially implemented grant request outgoing payment test

* feat: rework to host.docker.internal

- switches hostname to host.docker.internal to resolve url mismatch problem
- finishes grant request outgoing payment test
- cleans up some configuration and test variables

* feat: add p2p flow test

* feat: add continuation step with consent mocking

* fix: rm obsolete type cast to any and comment

* feat: add create outgoing payment test

* fix: bad pnpm-lock merge

* feat: build deps in mock ase job

* feat: get non-existent wallet address test

* fix: update open payments pkg

* chore: fix lint warnings

* feat: implement continuation polling

* chore: test cleanup

* refactor: generate gql in tests instead of import from lib

* chore: rm old comment

* chore: use latest http-signature-utils to match other deps

* chore: pnpm i

* chore: use latest koa-bodyparser

* chore: rm engine strict

* chore: revert rm engine strict

- fixes netlify ci failure but ultimately not the correct fix

* chore(integration): don't ignore env, rm example env

* refactor: use docker healthcheck for running tests

* chore: move healthcheck to last started docker container

* feat: use latest open payments pkg, no body required on continuation

* chore: pnpm i, fix broken lockfile (no apollo version)

* refactor: move webhook event enum to types

* refactor: move run integration script to test/integration

* Update packages/mock-account-servicing-lib/package.json

Co-authored-by: Sabine Schaller <sabine@interledger.org>

* refactor: simplify mock-account-servicing-entity ci step

* feat(integration): exit run-tests early if containers fail to start

* feat: use pino logger

* refactor: rename mock account servicing lib

* refactor: rename class files to camel case

* fix: import correct body parser

* refactor: poll instead of delay

* refactor: simplify call to poll condition only

* fix: update filenames

* refactor: change filename name to kebab case

---------

Co-authored-by: Sabine Schaller <sabine@interledger.org>

* fix(deps): update dependency isbot to ^5.1.2 (#2567)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update dependency @types/react to ^18.2.67 (#2566)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(deps): update module github.com/aws/aws-sdk-go to v1.51.2 (#2565)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update helm release redis to v18.19.4 (#2570)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(backend): make SPSP optional (#2560)

* feat: flag to enable/disable SPSP

* test: update to cover all cases

* docs: add link to glossary

* chore: fix lockfile

* test: address feedback

* delete lockfile

* add lockfile

* delete lockfile

* fix lockfile this time?

* fix: formatting

---------

Co-authored-by: Max Kurapov <max@interledger.org>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: xplicit <111863110+beniaminmunteanu@users.noreply.github.com>
Co-authored-by: Nathan Lie <lie4nathan@gmail.com>
Co-authored-by: Blair Currey <12960453+BlairCurrey@users.noreply.github.com>
Labels: pkg: frontend (Changes in the frontend package.)

Development: successfully merging this pull request may close the issue "Configure X-Frame-Options Header on Admin UI".

3 participants