Page MenuHomePhabricator

Include the primary domain in the Content-Security-Policy explicitly if there's no CDN
ClosedPublic

Authored by epriestley on Mar 2 2018, 3:03 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 17, 10:18 AM
Unknown Object (File)
Tue, Dec 3, 11:31 PM
Unknown Object (File)
Thu, Nov 28, 3:58 PM
Unknown Object (File)
Nov 26 2024, 5:24 PM
Unknown Object (File)
Nov 22 2024, 5:18 AM
Unknown Object (File)
Oct 30 2024, 3:46 AM
Unknown Object (File)
Oct 23 2024, 5:12 AM
Unknown Object (File)
Oct 14 2024, 12:01 PM
Subscribers
None

Details

Summary

Ref T4340. If you don't configure a CDN and visit a custom site (like a Phame blog site, or a CORGI sandbox internally) we serve resources from the main site. This violates the Content-Security-Policy.

When there's no CDN, include the primary domain in the CSP explicitly.

Test Plan

Loaded local.www.phacility.com, got resources.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Mar 2 2018, 3:42 PM
This revision was automatically updated to reflect the committed changes.