Page MenuHomePhabricator

Don't emit Content-Security-Policy when returning a response during preflight setup checks
ClosedPublic

Authored by epriestley on Mar 5 2018, 2:52 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Dec 17, 7:58 AM
Unknown Object (File)
Tue, Dec 17, 4:21 AM
Unknown Object (File)
Sat, Dec 14, 6:32 AM
Unknown Object (File)
Sun, Nov 24, 2:35 AM
Unknown Object (File)
Nov 8 2024, 2:53 PM
Unknown Object (File)
Oct 22 2024, 7:37 PM
Unknown Object (File)
Oct 21 2024, 10:33 PM
Unknown Object (File)
Oct 10 2024, 1:19 AM
Subscribers
None

Details

Summary

Ref T4340. See https://discourse.phabricator-community.org/t/core-exception-during-installation/1193/8.

If we return a response very early during setup, we may not be able to read from the environment yet. Just decline to build a "Content-Security-Policy" header in these cases.

Test Plan
  • Faked a preflight error (e.g., safe_mode enabled), restarted apache.
    • Before patch: environment error while generating CSP.
    • After patch: no error.
  • Loaded a normal page, observed an normal CSP header.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Mar 5 2018, 2:53 PM
epriestley requested review of this revision.
This revision was automatically updated to reflect the committed changes.