
D20163.diff

D20163.diff

diff --git a/src/aphront/sink/AphrontHTTPSink.php b/src/aphront/sink/AphrontHTTPSink.php
--- a/src/aphront/sink/AphrontHTTPSink.php
+++ b/src/aphront/sink/AphrontHTTPSink.php
@@ -111,6 +111,17 @@
// HTTP headers.
$data = $response->getContentIterator();
+ // This isn't an exceptionally clean separation of concerns, but we need
+ // to add CSP headers for all response types (including both web pages
+ // and dialogs) and can't determine the correct CSP until after we render
+ // the page (because page elements like Recaptcha may add CSP rules).
+ $static = CelerityAPI::getStaticResourceResponse();
+ foreach ($static->getContentSecurityPolicyURIMap() as $kind => $uris) {
+ foreach ($uris as $uri) {
+ $response->addContentSecurityPolicyURI($kind, $uri);
+ }
+ }
+
$all_headers = array_merge(
$response->getHeaders(),
$response->getCacheHeaders());
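Review bot: The CSP loop added before `$all_headers = array_merge(` relies on an ordering that the new comment only half states. It is correct only if every element that registers a CSP URI has already rendered by the time `getContentIterator()` returns; if a response type produces its body lazily while the iterator is consumed, URIs registered then would miss the header and the browser would block those resources. I would make the constraint explicit, e.g. `// Must run after getContentIterator() (rendering may register CSP URIs) and before getHeaders() below.` Since the merge now applies to every response type rather than only `AphrontWebpageResponse`, it is also worth confirming that `addContentSecurityPolicyURI()` exists on the base response class and that responses meant to carry a stricter policy are not widened by URIs left in the shared `CelerityAPI` static-resource object. The enclosing method starts and ends outside this hunk, so the eventual header write is not visible here.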
diff --git a/src/view/page/PhabricatorStandardPageView.php b/src/view/page/PhabricatorStandardPageView.php
--- a/src/view/page/PhabricatorStandardPageView.php
+++ b/src/view/page/PhabricatorStandardPageView.php
@@ -892,13 +892,6 @@
$response = id(new AphrontWebpageResponse())
->setContent($content)
->setFrameable($this->getFrameable());
-
- $static = CelerityAPI::getStaticResourceResponse();
- foreach ($static->getContentSecurityPolicyURIMap() as $kind => $uris) {
- foreach ($uris as $uri) {
- $response->addContentSecurityPolicyURI($kind, $uri);
- }
- }
}
return $response;

File Metadata

Mime Type
text/plain
Expires
Wed, Dec 25, 12:40 PM (11 h, 14 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6926282
Default Alt Text
D20163.diff (1 KB)
