This repository has been archived by the owner on Aug 26, 2022. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bug 948151: Add CSP config, reporting endpoint
Add a CSP configuration, based on testing several pages on development. Enabling CSP and other options are configured from the environment, and off by default. The policy is configured in the Django settings, and not configured by the environment. The policy allows inline CSS and JavaScript, so that the site works without modification, but doesn't add as much security as it could. CKEditor 4.5.10 still requires unsafe-eval, but 4.7 claims to remove this requirement. A decorator adds unsafe-eval only on the editing pages that use CKEditor. The reporting view is copied from mozilla/bedrock, and it used to forward violation reports to Sentry. There were no tests to copy.
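The commit message above describes three pieces: a CSP policy held in Django settings, a decorator that adds `'unsafe-eval'` only on the CKEditor editing pages, and a reporting view that accepts browser violation reports. The following is an added example, not the project's code and not django-csp, that sketches those three pieces in plain Python so it runs stand-alone: the policy directives, the request/response dict shapes, the `/csp-violation-capture` path, the size limit and the sample report are all assumptions constructed for the illustration.

```python
"""Added example (not the project's code): a minimal CSP header builder,
a per-view decorator that merges extra sources into the base policy, and a
reporting-endpoint handler that validates a browser violation report.
Request and response objects are plain dicts (an assumption standing in
for Django's HttpRequest/HttpResponse)."""
import functools
import json

# Base policy mirroring the commit's description: inline CSS and JavaScript
# are allowed so the site works unmodified, but 'unsafe-eval' is not granted
# site-wide. Directive values are assumptions for the example.
BASE_POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'", "'unsafe-inline'"],
    "style-src": ["'self'", "'unsafe-inline'"],
    "img-src": ["'self'", "data:"],
    "report-uri": ["/csp-violation-capture"],  # hypothetical reporting path
}

MAX_REPORT_BYTES = 8192  # assumption: drop oversized report bodies early


def build_csp_header(policy):
    """Serialise a directive dict into a Content-Security-Policy value."""
    return "; ".join(f"{name} {' '.join(sources)}" for name, sources in policy.items())


def merge_policy(base, updates):
    """Return a copy of `base` with extra sources appended per directive.

    Keyword-style names (script_src) map to directive names (script-src)."""
    merged = {name: list(sources) for name, sources in base.items()}
    for key, sources in updates.items():
        name = key.replace("_", "-")
        bucket = merged.setdefault(name, [])
        for src in sources:
            if src not in bucket:
                bucket.append(src)
    return merged


def csp(**updates):
    """Decorator: attach the CSP header, widened by `updates` for this view only."""
    policy = merge_policy(BASE_POLICY, updates)
    header_value = build_csp_header(policy)

    def decorator(view):
        @functools.wraps(view)
        def wrapper(request):
            response = view(request)
            response.setdefault("headers", {})["Content-Security-Policy"] = header_value
            return response
        return wrapper
    return decorator


@csp()
def article_view(request):
    """Ordinary page: gets the base policy, no 'unsafe-eval'."""
    return {"status": 200, "body": "<p>article</p>", "headers": {}}


@csp(script_src=["'unsafe-eval'"])
def edit_view(request):
    """Editing page: the one place the rich-text editor needs 'unsafe-eval'."""
    return {"status": 200, "body": "<textarea></textarea>", "headers": {}}


def parse_csp_report(body):
    """Parse an application/csp-report body; return a summary dict or None."""
    try:
        report = json.loads(body).get("csp-report")
    except (ValueError, AttributeError):
        return None
    if not isinstance(report, dict):
        return None
    # Coerce to str so a malformed report cannot smuggle nested objects onward.
    return {
        "document": str(report.get("document-uri", "")),
        "directive": str(report.get("violated-directive", "")),
        "blocked": str(report.get("blocked-uri", "")),
    }


def csp_report_view(request):
    """Reporting endpoint: POST only, bounded size, well-formed JSON required."""
    if request.get("method") != "POST":
        return {"status": 405, "body": "", "headers": {}}
    body = request.get("body", b"")
    if len(body) > MAX_REPORT_BYTES:
        return {"status": 413, "body": "", "headers": {}}
    summary = parse_csp_report(body)
    if summary is None:
        return {"status": 400, "body": "", "headers": {}}
    # The commit forwards the report to Sentry; here it is simply returned
    # to the caller so the behaviour can be checked offline.
    return {"status": 204, "body": "", "headers": {}, "summary": summary}


# Constructed sample report, shaped like what a browser POSTs on a violation.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://example.test/docs/Web",
    "violated-directive": "script-src 'self' 'unsafe-inline'",
    "blocked-uri": "https://third-party.example/widget.js",
}}).encode()
```

The decorator computes the merged header once at decoration time, so the per-request cost is a single header assignment; the reporting handler rejects anything that is not a small, well-formed POST before touching the error tracker, which keeps a noisy or hostile client from turning the endpoint into a logging amplifier.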
Showing 5 changed files with 97 additions and 3 deletions.