Page MenuHomePhabricator
Differential D20163

Fix Content-Security-Policy headers on "Email Login" page
ClosedPublic
Actions

Authored by epriestley on Feb 13 2019, 11:34 PM.
Tags
None
Referenced Files
F15447072: D20163.id.diff
Thu, Mar 27, 9:43 PM
F15446863: D20163.id48168.diff
Thu, Mar 27, 8:35 PM
F15436731: D20163.diff
Tue, Mar 25, 4:16 PM
F15420291: D20163.diff
Fri, Mar 21, 12:50 PM
Unknown Object (File)
Feb 24 2025, 2:30 AM
Unknown Object (File)
Feb 23 2025, 4:03 PM
Unknown Object (File)
Feb 22 2025, 8:32 AM
Unknown Object (File)
Feb 18 2025, 3:50 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Commits
rP8d856af7261c: (stable) Fix Content-Security-Policy headers on "Email Login" page
rPc5772f51dea7: Fix Content-Security-Policy headers on "Email Login" page
Summary

In D20100, I changed this page from returning a newPage() with a dialog as its content to returning a more modern newDialog().

However, the magic to add stuff to the CSP header is actually only on the newPage() pathway today, so this accidentally dropped the extra "Content-Security-Policy" rule for Google.

Lift the magic up one level so both Dialog and Page responses hit it.

Test Plan
  • Configured Recaptcha.
  • Between D20100 and this patch: got a CSP error on the Email Login page.
  • After this patch: clicked all the pictures of cars / store fronts.

Diff Detail

Repository
rP Phabricator
Branch
csp1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 21991
Build 30036: Run Core Tests
Build 30035: arc lint + arc unit

Event Timeline

epriestley created this revision.Feb 13 2019, 11:34 PM
Harbormaster completed remote builds in B21991: Diff 48147.Feb 13 2019, 11:36 PM
epriestley requested review of this revision.Feb 13 2019, 11:36 PM
epriestley added a comment.Feb 14 2019, 12:36 AM

In D20100, I changed this page...

Oh, this is missing some context -- that is, the "forgot password?" / "email login" page. See https://discourse.phabricator-community.org/t/phabricator-recaptcha-at-forgot-password-page/2395/ for context.

amckinley accepted this revision.Feb 14 2019, 8:22 PM
This revision is now accepted and ready to land.Feb 14 2019, 8:22 PM
Closed by commit rPc5772f51dea7: Fix Content-Security-Policy headers on "Email Login" page (authored by epriestley). · Explain WhyFeb 14 2019, 8:53 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
aphront/
sink/
11 lines
view/
page/
7 lines

Diff 48147

View Options

src/aphront/sink/AphrontHTTPSink.php

Loading...
View Options

src/view/page/PhabricatorStandardPageView.php

Loading...
Phabricator · Built by Phacility