HomePhabricator

Include the primary domain in the Content-Security-Policy explicitly if there's…

Authored by epriestley on Mar 2 2018, 2:59 PM.

Description

Include the primary domain in the Content-Security-Policy explicitly if there's no CDN

Summary:
Ref T4340. If you don't configure a CDN and visit a custom site (like a Phame blog site, or a CORGI sandbox internally) we serve resources from the main site. This violates the Content-Security-Policy.

When there's no CDN, include the primary domain in the CSP explicitly.

Test Plan: Loaded local.www.phacility.com, got resources.

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D19170