Fix Content-Security-Policy headers on "Email Login" page
ClosedPublic
Actions

Authored by epriestley on Feb 13 2019, 11:34 PM.

Details

Reviewers

Commits

rP8d856af7261c: (stable) Fix Content-Security-Policy headers on "Email Login" page
rPc5772f51dea7: Fix Content-Security-Policy headers on "Email Login" page

Summary

In D20100, I changed this page from returning a newPage() with a dialog as its content to returning a more modern newDialog().

However, the magic to add stuff to the CSP header is actually only on the newPage() pathway today, so this accidentally dropped the extra "Content-Security-Policy" rule for Google.

Lift the magic up one level so both Dialog and Page responses hit it.

Test Plan

Configured Recaptcha.
Between D20100 and this patch: got a CSP error on the Email Login page.
After this patch: clicked all the pictures of cars / store fronts.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Feb 13 2019, 11:34 PM

Harbormaster completed remote builds in B21991: Diff 48147.Feb 13 2019, 11:36 PM

epriestley requested review of this revision.Feb 13 2019, 11:36 PM

In D20100, I changed this page...

Oh, this is missing some context -- that is, the "forgot password?" / "email login" page. See https://discourse.phabricator-community.org/t/phabricator-recaptcha-at-forgot-password-page/2395/ for context.

amckinley accepted this revision.Feb 14 2019, 8:22 PM

This revision is now accepted and ready to land.Feb 14 2019, 8:22 PM

Closed by commit rPc5772f51dea7: Fix Content-Security-Policy headers on "Email Login" page (authored by epriestley). · Explain WhyFeb 14 2019, 8:53 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

aphront/

sink/

AphrontHTTPSink.php

11 lines

view/

page/

PhabricatorStandardPageView.php

7 lines

Diff 48168

View Options

src/aphront/sink/AphrontHTTPSink.php