Page MenuHomePhabricator

Fix Content-Security-Policy headers on "Email Login" page
ClosedPublic

Authored by epriestley on Feb 13 2019, 11:34 PM.
Tags
None
Referenced Files
F14412135: D20163.diff
Tue, Dec 24, 12:40 PM
Unknown Object (File)
Sat, Dec 21, 6:00 PM
Unknown Object (File)
Sun, Dec 15, 4:48 PM
Unknown Object (File)
Wed, Dec 11, 2:53 PM
Unknown Object (File)
Tue, Dec 10, 9:56 AM
Unknown Object (File)
Wed, Dec 4, 7:49 PM
Unknown Object (File)
Fri, Nov 29, 6:50 PM
Unknown Object (File)
Wed, Nov 27, 1:54 AM
Subscribers
None

Details

Summary

In D20100, I changed this page from returning a newPage() with a dialog as its content to returning a more modern newDialog().

However, the magic to add stuff to the CSP header is actually only on the newPage() pathway today, so this accidentally dropped the extra "Content-Security-Policy" rule for Google.

Lift the magic up one level so both Dialog and Page responses hit it.

Test Plan
  • Configured Recaptcha.
  • Between D20100 and this patch: got a CSP error on the Email Login page.
  • After this patch: clicked all the pictures of cars / store fronts.

Diff Detail

Repository
rP Phabricator
Branch
csp1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 21991
Build 30036: Run Core Tests
Build 30035: arc lint + arc unit

Event Timeline

In D20100, I changed this page...

Oh, this is missing some context -- that is, the "forgot password?" / "email login" page. See https://discourse.phabricator-community.org/t/phabricator-recaptcha-at-forgot-password-page/2395/ for context.

This revision is now accepted and ready to land.Feb 14 2019, 8:22 PM
This revision was automatically updated to reflect the committed changes.