Page MenuHomePhabricator

Include the primary domain in the Content-Security-Policy explicitly if there's no CDN
ClosedPublic

Authored by epriestley on Mar 2 2018, 3:03 PM.
Tags
None
Referenced Files
F12827739: D19170.id.diff
Thu, Mar 28, 10:20 AM
Unknown Object (File)
Tue, Mar 26, 4:56 PM
Unknown Object (File)
Feb 7 2024, 9:08 PM
Unknown Object (File)
Nov 30 2023, 1:32 AM
Unknown Object (File)
Nov 17 2023, 9:58 AM
Unknown Object (File)
Nov 15 2023, 4:28 PM
Unknown Object (File)
Nov 15 2023, 4:03 PM
Unknown Object (File)
Nov 10 2023, 10:33 PM
Subscribers
None

Details

Summary

Ref T4340. If you don't configure a CDN and visit a custom site (like a Phame blog site, or a CORGI sandbox internally) we serve resources from the main site. This violates the Content-Security-Policy.

When there's no CDN, include the primary domain in the CSP explicitly.

Test Plan

Loaded local.www.phacility.com, got resources.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Mar 2 2018, 3:42 PM
This revision was automatically updated to reflect the committed changes.