Update headers with typo fix (#988)
* Update CSP and Referrer-Policy with issues found by Mozilla Observatory.

* Revert unwanted changes.

* Fix typo.
bhearsum committed Aug 21, 2019
1 parent 9ff4c5a commit 7772c06
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion react-ui/scripts/deploy
Expand Up @@ -11,7 +11,7 @@ curl "${APP_CONFIG_SECRET}" | python3 -c 'import json, sys; a = json.load(sys.st

HEADERS=$(cat <<EOF
{ \
"Content-Security-Policy": "default-src 'none'; script-src 'self'; img-src 'self' https://*.gravatar.com https://*.githubusercontent.com https://i1.wp.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src https://admin-stage.balrog.nonprod.cloudops.mozgcp.net/ https://auth.mozilla.auth0.com; frame-src https://auth.mozilla.auth0.com; frame-ancestors: 'none'; base-uri: 'none'; form-action: 'none'", \
"Content-Security-Policy": "default-src 'none'; script-src 'self'; img-src 'self' https://*.gravatar.com https://*.githubusercontent.com https://i1.wp.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; connect-src https://admin-stage.balrog.nonprod.cloudops.mozgcp.net/ https://auth.mozilla.auth0.com; frame-src https://auth.mozilla.auth0.com; frame-ancestors 'none'; base-uri 'none'; form-action 'none'", \
"Strict-Transport-Security": "max-age=63072000", \
"X-Content-Type-Options": "nosniff", \
"X-Frame-Options": "SAMEORIGIN", \
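
Review bot: The context line "X-Frame-Options": "SAMEORIGIN" now disagrees with the corrected frame-ancestors 'none' on the changed Content-Security-Policy line. With the trailing colons gone the directive is actually parsed, so browsers that enforce CSP refuse all framing, while a browser that only honours X-Frame-Options still permits same-origin framing. Setting X-Frame-Options to DENY would make both headers state the same policy. Two smaller points on the same line: style-src still carries 'unsafe-inline', which is worth a follow-up, and nothing in the visible lines validates the policy string, so a check in this script that rejects a directive name ending in ':' would catch this typo before the headers are deployed.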

1 comment on commit 7772c06

@firefoxci-taskcluster

Uh oh! Looks like an error! Details

Taskcluster-GitHub attempted to create a task for this event with the following scopes:

[
  "assume:repo:github.com/mozilla-releng/balrog:release",
  "queue:route:statuses",
  "queue:scheduler-id:taskcluster-github"
]

The expansion of these scopes is not sufficient to create the task, leading to the following:

Client ID static/taskcluster/github does not have sufficient scopes and is missing the following scopes:

{
  "AllOf": [
    "secrets:get:repo:github.com/mozilla/balrog:dockerhub",
    {
      "AnyOf": [
        "queue:create-task:highest:unknown/unknown",
        "queue:create-task:very-high:unknown/unknown",
        "queue:create-task:high:unknown/unknown",
        "queue:create-task:medium:unknown/unknown",
        "queue:create-task:low:unknown/unknown",
        "queue:create-task:very-low:unknown/unknown",
        "queue:create-task:lowest:unknown/unknown"
      ]
    }
  ]
}

This request requires the client to satisfy the following scope expression:

{
  "AllOf": [
    "secrets:get:repo:github.com/mozilla/balrog:dockerhub",
    "queue:route:statuses",
    "queue:scheduler-id:taskcluster-github",
    {
      "AnyOf": [
        "queue:create-task:highest:unknown/unknown",
        "queue:create-task:very-high:unknown/unknown",
        "queue:create-task:high:unknown/unknown",
        "queue:create-task:medium:unknown/unknown",
        "queue:create-task:low:unknown/unknown",
        "queue:create-task:very-low:unknown/unknown",
        "queue:create-task:lowest:unknown/unknown"
      ]
    }
  ]
}

  • method: createTask
  • errorCode: InsufficientScopes
  • statusCode: 403
  • time: 2020-07-07T14:06:19.911Z
