
Include the primary domain in the Content-Security-Policy explicitly if there's no CDN
Closed, Public

Authored by epriestley on Mar 2 2018, 3:03 PM.

Details

Summary

Ref T4340. If you don't configure a CDN and visit a custom site (like a Phame blog site, or a CORGI sandbox internally) we serve resources from the main site. This violates the Content-Security-Policy.

When there's no CDN, include the primary domain in the CSP explicitly.

Test Plan

Loaded local.www.phacility.com, got resources.
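
The situation the summary describes, as an added example that is not part of this revision or of Phabricator's code: a simplified model of CSP source matching showing why a page on a custom domain cannot load resources from the primary domain unless that domain is listed explicitly. The host names, function names, the `default-src` directive and the premise that the pre-change policy relied on `'self'` alone are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def origin(uri):
    """Return scheme://host[:port] for a URI."""
    parts = urlsplit(uri)
    return f"{parts.scheme}://{parts.netloc}"

def resource_sources(base_uri, cdn_uri=None, include_primary=True):
    """Build the source list for static resources.

    include_primary=False models the assumed pre-change behaviour:
    with no CDN configured, only 'self' is emitted.
    """
    sources = ["'self'"]
    if cdn_uri:
        sources.append(origin(cdn_uri))
    elif include_primary:
        # No CDN: resources are served from the primary domain, which
        # 'self' does not cover when the page is on a custom domain.
        sources.append(origin(base_uri))
    return sources

def csp_header(sources):
    """Render the header value (directive name is an assumption)."""
    return "default-src " + " ".join(sources)

def allowed(sources, page_uri, resource_uri):
    """Simplified matching: 'self' or an exact origin match."""
    res = origin(resource_uri)
    return any(
        (src == "'self'" and res == origin(page_uri)) or src == res
        for src in sources
    )

# Constructed hosts for illustration.
PRIMARY = "https://phabricator.example.com"
BLOG = "https://blog.example.net/post/1/"
ASSET = PRIMARY + "/res/core.pkg.css"

def demo():
    before = resource_sources(PRIMARY, include_primary=False)
    after = resource_sources(PRIMARY)
    return {
        "after_header": csp_header(after),
        "blog_before": allowed(before, BLOG, ASSET),    # blocked
        "blog_after": allowed(after, BLOG, ASSET),      # loads
        "primary_before": allowed(before, PRIMARY + "/", ASSET),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Real browsers apply more matching rules (wildcards, scheme upgrades, per-directive fallbacks); the model keeps only the `'self'` versus explicit-origin distinction that matters here.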

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision. Mar 2 2018, 3:03 PM
epriestley requested review of this revision. Mar 2 2018, 3:05 PM
This revision was not accepted when it landed; it landed in state Needs Review. Mar 2 2018, 3:42 PM
This revision was automatically updated to reflect the committed changes.