F15444818
D19172.id.diff
Size
939 B
diff --git a/src/aphront/response/AphrontResponse.php b/src/aphront/response/AphrontResponse.php
--- a/src/aphront/response/AphrontResponse.php
+++ b/src/aphront/response/AphrontResponse.php
@@ -103,9 +103,20 @@
return null;
}
- $csp = array();
+ // NOTE: We may return a response during preflight checks (for example,
+ // if a user has a bad version of PHP).
+
+ // In this case, setup isn't complete yet and we can't access environmental
+ // configuration. If we aren't able to read the environment, just decline
+ // to emit a Content-Security-Policy header.
+
+ try {
+ $cdn = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
+ } catch (Exception $ex) {
+ return null;
+ }
- $cdn = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
+ $csp = array();
if ($cdn) {
$default = $this->newContentSecurityPolicySource($cdn);
} else {
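Review bot: The new `catch (Exception $ex)` around the `security.alternate-file-domain` read is broader than the case the comment describes. Any exception thrown by `PhabricatorEnv::getEnvConfig()` now causes `return null`, so the response goes out with no Content-Security-Policy header and nothing records why. Consider catching only the exception type raised when the environment is not yet initialized, or logging `$ex` before returning, so that a configuration fault after setup does not silently remove the header. It is also worth considering whether the preflight path could fall back to a fixed policy that needs no CDN value instead of emitting none, since the page served at that point is still rendered HTML.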
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Fri, Mar 28, 11:26 AM (1 w, 3 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7223456
Default Alt Text
D19172.id.diff (939 B)
Attached To
Mode
D19172: Don't emit Content-Security-Policy when returning a response during preflight setup checks
Attached