diff --git a/src/aphront/response/AphrontResponse.php b/src/aphront/response/AphrontResponse.php
index 05d230aa71..73c4e68f00 100644
--- a/src/aphront/response/AphrontResponse.php
+++ b/src/aphront/response/AphrontResponse.php
@@ -1,404 +1,405 @@
 <?php
 
 abstract class AphrontResponse extends Phobject {
 
   private $request;
   private $cacheable = false;
   private $canCDN;
   private $responseCode = 200;
   private $lastModified = null;
   private $contentSecurityPolicyURIs;
   private $disableContentSecurityPolicy;
   protected $frameable;
 
 
   public function setRequest($request) {
     $this->request = $request;
     return $this;
   }
 
   public function getRequest() {
     return $this->request;
   }
 
   final public function addContentSecurityPolicyURI($kind, $uri) {
     if ($this->contentSecurityPolicyURIs === null) {
       $this->contentSecurityPolicyURIs = array(
-         'script' => array(),
-         'connect' => array(),
-         'frame' => array(),
+         'script-src' => array(),
+         'connect-src' => array(),
+         'frame-src' => array(),
+         'form-action' => array(),
        );
     }
 
     if (!isset($this->contentSecurityPolicyURIs[$kind])) {
       throw new Exception(
         pht(
           'Unknown Content-Security-Policy URI kind "%s".',
           $kind));
     }
 
     $this->contentSecurityPolicyURIs[$kind][] = (string)$uri;
 
     return $this;
   }
 
   final public function setDisableContentSecurityPolicy($disable) {
     $this->disableContentSecurityPolicy = $disable;
     return $this;
   }
 
 
 /* -(  Content  )------------------------------------------------------------ */
 
 
   public function getContentIterator() {
     return array($this->buildResponseString());
   }
 
   public function buildResponseString() {
     throw new PhutilMethodNotImplementedException();
   }
 
 
 /* -(  Metadata  )----------------------------------------------------------- */
 
 
   public function getHeaders() {
     $headers = array();
     if (!$this->frameable) {
       $headers[] = array('X-Frame-Options', 'Deny');
     }
 
     if ($this->getRequest() && $this->getRequest()->isHTTPS()) {
       $hsts_key = 'security.strict-transport-security';
       $use_hsts = PhabricatorEnv::getEnvConfig($hsts_key);
       if ($use_hsts) {
         $duration = phutil_units('365 days in seconds');
       } else {
         // If HSTS has been disabled, tell browsers to turn it off. This may
         // not be effective because we can only disable it over a valid HTTPS
         // connection, but it best represents the configured intent.
         $duration = 0;
       }
 
       $headers[] = array(
         'Strict-Transport-Security',
         "max-age={$duration}; includeSubdomains; preload",
       );
     }
 
     $csp = $this->newContentSecurityPolicyHeader();
     if ($csp !== null) {
       $headers[] = array('Content-Security-Policy', $csp);
     }
 
     $headers[] = array('Referrer-Policy', 'no-referrer');
 
     return $headers;
   }
 
   private function newContentSecurityPolicyHeader() {
     if ($this->disableContentSecurityPolicy) {
       return null;
     }
 
     $csp = array();
 
     $cdn = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
     if ($cdn) {
       $default = $this->newContentSecurityPolicySource($cdn);
     } else {
       $default = "'self'";
     }
 
     $csp[] = "default-src {$default}";
 
     // We use "data:" URIs to inline small images into CSS. This policy allows
     // "data:" URIs to be used anywhere, but there doesn't appear to be a way
     // to say that "data:" URIs are okay in CSS files but not in the document.
     $csp[] = "img-src {$default} data:";
 
     // We use inline style="..." attributes in various places, many of which
     // are legitimate. We also currently use a <style> tag to implement the
     // "Monospaced Font Preference" setting.
     $csp[] = "style-src {$default} 'unsafe-inline'";
 
     // On a small number of pages, including the Stripe workflow and the
     // ReCAPTCHA challenge, we embed external Javascript directly.
-    $csp[] = $this->newContentSecurityPolicy('script', $default);
+    $csp[] = $this->newContentSecurityPolicy('script-src', $default);
 
     // We need to specify that we can connect to ourself in order for AJAX
     // requests to work.
-    $csp[] = $this->newContentSecurityPolicy('connect', "'self'");
+    $csp[] = $this->newContentSecurityPolicy('connect-src', "'self'");
 
     // DarkConsole and PHPAST both use frames to render some content.
-    $csp[] = $this->newContentSecurityPolicy('frame', "'self'");
+    $csp[] = $this->newContentSecurityPolicy('frame-src', "'self'");
 
     // This is a more modern flavor of of "X-Frame-Options" and prevents
     // clickjacking attacks where the page is included in a tiny iframe and
     // the user is convinced to click a element on the page, which really
     // clicks a dangerous button hidden under a picture of a cat.
     if ($this->frameable) {
       $csp[] = "frame-ancestors 'self'";
     } else {
       $csp[] = "frame-ancestors 'none'";
     }
 
     // Block relics of the old world: Flash, Java applets, and so on.
     $csp[] = "object-src 'none'";
 
     // Don't allow forms to submit offsite.
 
     // This can result in some trickiness with file downloads if applications
     // try to start downloads by submitting a dialog. Redirect to the file's
     // download URI instead of submitting a form to it.
-    $csp[] = "form-action 'self'";
+    $csp[] = $this->newContentSecurityPolicy('form-action', "'self'");
 
     // Block use of "<base>" to change the origin of relative URIs on the page.
     $csp[] = "base-uri 'none'";
 
     $csp = implode('; ', $csp);
 
     return $csp;
   }
 
   private function newContentSecurityPolicy($type, $defaults) {
     if ($defaults === null) {
       $sources = array();
     } else {
       $sources = (array)$defaults;
     }
 
     $uris = $this->contentSecurityPolicyURIs;
     if (isset($uris[$type])) {
       foreach ($uris[$type] as $uri) {
         $sources[] = $this->newContentSecurityPolicySource($uri);
       }
     }
     $sources = array_unique($sources);
 
-    return "{$type}-src ".implode(' ', $sources);
+    return $type.' '.implode(' ', $sources);
   }
 
   private function newContentSecurityPolicySource($uri) {
     // Some CSP URIs are ultimately user controlled (like notification server
     // URIs and CDN URIs) so attempt to stop an attacker from injecting an
     // unsafe source (like 'unsafe-eval') into the CSP header.
 
     $uri = id(new PhutilURI($uri))
       ->setPath(null)
       ->setFragment(null)
       ->setQueryParams(array());
 
     $uri = (string)$uri;
     if (preg_match('/[ ;\']/', $uri)) {
       throw new Exception(
         pht(
           'Attempting to emit a response with an unsafe source ("%s") in the '.
           'Content-Security-Policy header.',
           $uri));
     }
 
     return $uri;
   }
 
   public function setCacheDurationInSeconds($duration) {
     $this->cacheable = $duration;
     return $this;
   }
 
   public function setCanCDN($can_cdn) {
     $this->canCDN = $can_cdn;
     return $this;
   }
 
   public function setLastModified($epoch_timestamp) {
     $this->lastModified = $epoch_timestamp;
     return $this;
   }
 
   public function setHTTPResponseCode($code) {
     $this->responseCode = $code;
     return $this;
   }
 
   public function getHTTPResponseCode() {
     return $this->responseCode;
   }
 
   public function getHTTPResponseMessage() {
     switch ($this->getHTTPResponseCode()) {
       case 100: return 'Continue';
       case 101: return 'Switching Protocols';
       case 200: return 'OK';
       case 201: return 'Created';
       case 202: return 'Accepted';
       case 203: return 'Non-Authoritative Information';
       case 204: return 'No Content';
       case 205: return 'Reset Content';
       case 206: return 'Partial Content';
       case 300: return 'Multiple Choices';
       case 301: return 'Moved Permanently';
       case 302: return 'Found';
       case 303: return 'See Other';
       case 304: return 'Not Modified';
       case 305: return 'Use Proxy';
       case 306: return 'Switch Proxy';
       case 307: return 'Temporary Redirect';
       case 400: return 'Bad Request';
       case 401: return 'Unauthorized';
       case 402: return 'Payment Required';
       case 403: return 'Forbidden';
       case 404: return 'Not Found';
       case 405: return 'Method Not Allowed';
       case 406: return 'Not Acceptable';
       case 407: return 'Proxy Authentication Required';
       case 408: return 'Request Timeout';
       case 409: return 'Conflict';
       case 410: return 'Gone';
       case 411: return 'Length Required';
       case 412: return 'Precondition Failed';
       case 413: return 'Request Entity Too Large';
       case 414: return 'Request-URI Too Long';
       case 415: return 'Unsupported Media Type';
       case 416: return 'Requested Range Not Satisfiable';
       case 417: return 'Expectation Failed';
       case 418: return "I'm a teapot";
       case 426: return 'Upgrade Required';
       case 500: return 'Internal Server Error';
       case 501: return 'Not Implemented';
       case 502: return 'Bad Gateway';
       case 503: return 'Service Unavailable';
       case 504: return 'Gateway Timeout';
       case 505: return 'HTTP Version Not Supported';
       default:  return '';
     }
   }
 
   public function setFrameable($frameable) {
     $this->frameable = $frameable;
     return $this;
   }
 
   public static function processValueForJSONEncoding(&$value, $key) {
     if ($value instanceof PhutilSafeHTMLProducerInterface) {
       // This renders the producer down to PhutilSafeHTML, which will then
       // be simplified into a string below.
       $value = hsprintf('%s', $value);
     }
 
     if ($value instanceof PhutilSafeHTML) {
       // TODO: Javelin supports implicity conversion of '__html' objects to
       // JX.HTML, but only for Ajax responses, not behaviors. Just leave things
       // as they are for now (where behaviors treat responses as HTML or plain
       // text at their discretion).
       $value = $value->getHTMLContent();
     }
   }
 
   public static function encodeJSONForHTTPResponse(array $object) {
 
     array_walk_recursive(
       $object,
       array(__CLASS__, 'processValueForJSONEncoding'));
 
     $response = phutil_json_encode($object);
 
     // Prevent content sniffing attacks by encoding "<" and ">", so browsers
     // won't try to execute the document as HTML even if they ignore
     // Content-Type and X-Content-Type-Options. See T865.
     $response = str_replace(
       array('<', '>'),
       array('\u003c', '\u003e'),
       $response);
 
     return $response;
   }
 
   protected function addJSONShield($json_response) {
     // Add a shield to prevent "JSON Hijacking" attacks where an attacker
     // requests a JSON response using a normal <script /> tag and then uses
     // Object.prototype.__defineSetter__() or similar to read response data.
     // This header causes the browser to loop infinitely instead of handing over
     // sensitive data.
 
     $shield = 'for (;;);';
 
     $response = $shield.$json_response;
 
     return $response;
   }
 
   public function getCacheHeaders() {
     $headers = array();
     if ($this->cacheable) {
       $cache_control = array();
       $cache_control[] = sprintf('max-age=%d', $this->cacheable);
 
       if ($this->canCDN) {
         $cache_control[] = 'public';
       } else {
         $cache_control[] = 'private';
       }
 
       $headers[] = array(
         'Cache-Control',
         implode(', ', $cache_control),
       );
 
       $headers[] = array(
         'Expires',
         $this->formatEpochTimestampForHTTPHeader(time() + $this->cacheable),
       );
     } else {
       $headers[] = array(
         'Cache-Control',
         'no-store',
       );
       $headers[] = array(
         'Expires',
         'Sat, 01 Jan 2000 00:00:00 GMT',
       );
     }
 
     if ($this->lastModified) {
       $headers[] = array(
         'Last-Modified',
         $this->formatEpochTimestampForHTTPHeader($this->lastModified),
       );
     }
 
     // IE has a feature where it may override an explicit Content-Type
     // declaration by inferring a content type. This can be a security risk
     // and we always explicitly transmit the correct Content-Type header, so
     // prevent IE from using inferred content types. This only offers protection
     // on recent versions of IE; IE6/7 and Opera currently ignore this header.
     $headers[] = array('X-Content-Type-Options', 'nosniff');
 
     return $headers;
   }
 
   private function formatEpochTimestampForHTTPHeader($epoch_timestamp) {
     return gmdate('D, d M Y H:i:s', $epoch_timestamp).' GMT';
   }
 
   protected function shouldCompressResponse() {
     return true;
   }
 
   public function willBeginWrite() {
     if ($this->shouldCompressResponse()) {
       // Enable automatic compression here. Webservers sometimes do this for
       // us, but we now detect the absence of compression and warn users about
       // it so try to cover our bases more thoroughly.
       ini_set('zlib.output_compression', 1);
     } else {
       ini_set('zlib.output_compression', 0);
     }
   }
 
   public function didCompleteWrite($aborted) {
     return;
   }
 
 }
diff --git a/src/applications/auth/provider/PhabricatorAuthProvider.php b/src/applications/auth/provider/PhabricatorAuthProvider.php
index d655efd790..0525edad54 100644
--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
@@ -1,508 +1,519 @@
 <?php
 
 abstract class PhabricatorAuthProvider extends Phobject {
 
   private $providerConfig;
 
   public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
     $this->providerConfig = $config;
     return $this;
   }
 
   public function hasProviderConfig() {
     return (bool)$this->providerConfig;
   }
 
   public function getProviderConfig() {
     if ($this->providerConfig === null) {
       throw new PhutilInvalidStateException('attachProviderConfig');
     }
     return $this->providerConfig;
   }
 
   public function getConfigurationHelp() {
     return null;
   }
 
   public function getDefaultProviderConfig() {
     return id(new PhabricatorAuthProviderConfig())
       ->setProviderClass(get_class($this))
       ->setIsEnabled(1)
       ->setShouldAllowLogin(1)
       ->setShouldAllowRegistration(1)
       ->setShouldAllowLink(1)
       ->setShouldAllowUnlink(1);
   }
 
   public function getNameForCreate() {
     return $this->getProviderName();
   }
 
   public function getDescriptionForCreate() {
     return null;
   }
 
   public function getProviderKey() {
     return $this->getAdapter()->getAdapterKey();
   }
 
   public function getProviderType() {
     return $this->getAdapter()->getAdapterType();
   }
 
   public function getProviderDomain() {
     return $this->getAdapter()->getAdapterDomain();
   }
 
   public static function getAllBaseProviders() {
     return id(new PhutilClassMapQuery())
       ->setAncestorClass(__CLASS__)
       ->execute();
   }
 
   public static function getAllProviders() {
     static $providers;
 
     if ($providers === null) {
       $objects = self::getAllBaseProviders();
 
       $configs = id(new PhabricatorAuthProviderConfigQuery())
         ->setViewer(PhabricatorUser::getOmnipotentUser())
         ->execute();
 
       $providers = array();
       foreach ($configs as $config) {
         if (!isset($objects[$config->getProviderClass()])) {
           // This configuration is for a provider which is not installed.
           continue;
         }
 
         $object = clone $objects[$config->getProviderClass()];
         $object->attachProviderConfig($config);
 
         $key = $object->getProviderKey();
         if (isset($providers[$key])) {
           throw new Exception(
             pht(
               "Two authentication providers use the same provider key ".
               "('%s'). Each provider must be identified by a unique key.",
               $key));
         }
         $providers[$key] = $object;
       }
     }
 
     return $providers;
   }
 
   public static function getAllEnabledProviders() {
     $providers = self::getAllProviders();
     foreach ($providers as $key => $provider) {
       if (!$provider->isEnabled()) {
         unset($providers[$key]);
       }
     }
     return $providers;
   }
 
   public static function getEnabledProviderByKey($provider_key) {
     return idx(self::getAllEnabledProviders(), $provider_key);
   }
 
   abstract public function getProviderName();
   abstract public function getAdapter();
 
   public function isEnabled() {
     return $this->getProviderConfig()->getIsEnabled();
   }
 
   public function shouldAllowLogin() {
     return $this->getProviderConfig()->getShouldAllowLogin();
   }
 
   public function shouldAllowRegistration() {
     if (!$this->shouldAllowLogin()) {
       return false;
     }
 
     return $this->getProviderConfig()->getShouldAllowRegistration();
   }
 
   public function shouldAllowAccountLink() {
     return $this->getProviderConfig()->getShouldAllowLink();
   }
 
   public function shouldAllowAccountUnlink() {
     return $this->getProviderConfig()->getShouldAllowUnlink();
   }
 
   public function shouldTrustEmails() {
     return $this->shouldAllowEmailTrustConfiguration() &&
            $this->getProviderConfig()->getShouldTrustEmails();
   }
 
   /**
    * Should we allow the adapter to be marked as "trusted". This is true for
    * all adapters except those that allow the user to type in emails (see
    * @{class:PhabricatorPasswordAuthProvider}).
    */
   public function shouldAllowEmailTrustConfiguration() {
     return true;
   }
 
   public function buildLoginForm(PhabricatorAuthStartController $controller) {
     return $this->renderLoginForm($controller->getRequest(), $mode = 'start');
   }
 
   public function buildInviteForm(PhabricatorAuthStartController $controller) {
     return $this->renderLoginForm($controller->getRequest(), $mode = 'invite');
   }
 
   abstract public function processLoginRequest(
     PhabricatorAuthLoginController $controller);
 
   public function buildLinkForm(PhabricatorAuthLinkController $controller) {
     return $this->renderLoginForm($controller->getRequest(), $mode = 'link');
   }
 
   public function shouldAllowAccountRefresh() {
     return true;
   }
 
   public function buildRefreshForm(
     PhabricatorAuthLinkController $controller) {
     return $this->renderLoginForm($controller->getRequest(), $mode = 'refresh');
   }
 
   protected function renderLoginForm(AphrontRequest $request, $mode) {
     throw new PhutilMethodNotImplementedException();
   }
 
   public function createProviders() {
     return array($this);
   }
 
   protected function willSaveAccount(PhabricatorExternalAccount $account) {
     return;
   }
 
   public function willRegisterAccount(PhabricatorExternalAccount $account) {
     return;
   }
 
   protected function loadOrCreateAccount($account_id) {
     if (!strlen($account_id)) {
       throw new Exception(pht('Empty account ID!'));
     }
 
     $adapter = $this->getAdapter();
     $adapter_class = get_class($adapter);
 
     if (!strlen($adapter->getAdapterType())) {
       throw new Exception(
         pht(
           "AuthAdapter (of class '%s') has an invalid implementation: ".
           "no adapter type.",
           $adapter_class));
     }
 
     if (!strlen($adapter->getAdapterDomain())) {
       throw new Exception(
         pht(
           "AuthAdapter (of class '%s') has an invalid implementation: ".
           "no adapter domain.",
           $adapter_class));
     }
 
     $account = id(new PhabricatorExternalAccount())->loadOneWhere(
       'accountType = %s AND accountDomain = %s AND accountID = %s',
       $adapter->getAdapterType(),
       $adapter->getAdapterDomain(),
       $account_id);
     if (!$account) {
       $account = id(new PhabricatorExternalAccount())
         ->setAccountType($adapter->getAdapterType())
         ->setAccountDomain($adapter->getAdapterDomain())
         ->setAccountID($account_id);
     }
 
     $account->setUsername($adapter->getAccountName());
     $account->setRealName($adapter->getAccountRealName());
     $account->setEmail($adapter->getAccountEmail());
     $account->setAccountURI($adapter->getAccountURI());
 
     $account->setProfileImagePHID(null);
     $image_uri = $adapter->getAccountImageURI();
     if ($image_uri) {
       try {
         $name = PhabricatorSlug::normalize($this->getProviderName());
         $name = $name.'-profile.jpg';
 
         // TODO: If the image has not changed, we do not need to make a new
         // file entry for it, but there's no convenient way to do this with
         // PhabricatorFile right now. The storage will get shared, so the impact
         // here is negligible.
         $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
           $image_file = PhabricatorFile::newFromFileDownload(
             $image_uri,
             array(
               'name' => $name,
               'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
             ));
           if ($image_file->isViewableImage()) {
             $image_file
               ->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())
               ->setCanCDN(true)
               ->save();
             $account->setProfileImagePHID($image_file->getPHID());
           } else {
             $image_file->delete();
           }
         unset($unguarded);
 
       } catch (Exception $ex) {
         // Log this but proceed, it's not especially important that we
         // be able to pull profile images.
         phlog($ex);
       }
     }
 
     $this->willSaveAccount($account);
 
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
     $account->save();
     unset($unguarded);
 
     return $account;
   }
 
   public function getLoginURI() {
     $app = PhabricatorApplication::getByClass('PhabricatorAuthApplication');
     return $app->getApplicationURI('/login/'.$this->getProviderKey().'/');
   }
 
   public function getSettingsURI() {
     return '/settings/panel/external/';
   }
 
   public function getStartURI() {
     $app = PhabricatorApplication::getByClass('PhabricatorAuthApplication');
     $uri = $app->getApplicationURI('/start/');
     return $uri;
   }
 
   public function isDefaultRegistrationProvider() {
     return false;
   }
 
   public function shouldRequireRegistrationPassword() {
     return false;
   }
 
   public function getDefaultExternalAccount() {
     throw new PhutilMethodNotImplementedException();
   }
 
   public function getLoginOrder() {
     return '500-'.$this->getProviderName();
   }
 
   protected function getLoginIcon() {
     return 'Generic';
   }
 
   public function isLoginFormAButton() {
     return false;
   }
 
   public function renderConfigPropertyTransactionTitle(
     PhabricatorAuthProviderConfigTransaction $xaction) {
 
     return null;
   }
 
   public function readFormValuesFromProvider() {
     return array();
   }
 
   public function readFormValuesFromRequest(AphrontRequest $request) {
     return array();
   }
 
   public function processEditForm(
     AphrontRequest $request,
     array $values) {
 
     $errors = array();
     $issues = array();
 
     return array($errors, $issues, $values);
   }
 
   public function extendEditForm(
     AphrontRequest $request,
     AphrontFormView $form,
     array $values,
     array $issues) {
 
     return;
   }
 
   public function willRenderLinkedAccount(
     PhabricatorUser $viewer,
     PHUIObjectItemView $item,
     PhabricatorExternalAccount $account) {
 
     $account_view = id(new PhabricatorAuthAccountView())
       ->setExternalAccount($account)
       ->setAuthProvider($this);
 
     $item->appendChild(
       phutil_tag(
         'div',
         array(
           'class' => 'mmr mml mst mmb',
         ),
         $account_view));
   }
 
   /**
    * Return true to use a two-step configuration (setup, configure) instead of
    * the default single-step configuration. In practice, this means that
    * creating a new provider instance will redirect back to the edit page
    * instead of the provider list.
    *
    * @return bool True if this provider uses two-step configuration.
    */
   public function hasSetupStep() {
     return false;
   }
 
   /**
    * Render a standard login/register button element.
    *
    * The `$attributes` parameter takes these keys:
    *
    *   - `uri`: URI the button should take the user to when clicked.
    *   - `method`: Optional HTTP method the button should use, defaults to GET.
    *
    * @param   AphrontRequest  HTTP request.
    * @param   string          Request mode string.
    * @param   map             Additional parameters, see above.
    * @return  wild            Log in button.
    */
   protected function renderStandardLoginButton(
     AphrontRequest $request,
     $mode,
     array $attributes = array()) {
 
     PhutilTypeSpec::checkMap(
       $attributes,
       array(
         'method' => 'optional string',
         'uri' => 'string',
         'sigil' => 'optional string',
       ));
 
     $viewer = $request->getUser();
     $adapter = $this->getAdapter();
 
     if ($mode == 'link') {
       $button_text = pht('Link External Account');
     } else if ($mode == 'refresh') {
       $button_text = pht('Refresh Account Link');
     } else if ($mode == 'invite') {
       $button_text = pht('Register Account');
     } else if ($this->shouldAllowRegistration()) {
       $button_text = pht('Log In or Register');
     } else {
       $button_text = pht('Log In');
     }
 
     $icon = id(new PHUIIconView())
       ->setSpriteSheet(PHUIIconView::SPRITE_LOGIN)
       ->setSpriteIcon($this->getLoginIcon());
 
     $button = id(new PHUIButtonView())
       ->setSize(PHUIButtonView::BIG)
       ->setColor(PHUIButtonView::GREY)
       ->setIcon($icon)
       ->setText($button_text)
       ->setSubtext($this->getProviderName());
 
     $uri = $attributes['uri'];
     $uri = new PhutilURI($uri);
     $params = $uri->getQueryParams();
     $uri->setQueryParams(array());
 
     $content = array($button);
 
     foreach ($params as $key => $value) {
       $content[] = phutil_tag(
         'input',
         array(
           'type' => 'hidden',
           'name' => $key,
           'value' => $value,
         ));
     }
 
+    $static_response = CelerityAPI::getStaticResourceResponse();
+    $static_response->addContentSecurityPolicyURI('form-action', (string)$uri);
+
+    foreach ($this->getContentSecurityPolicyFormActions() as $csp_uri) {
+      $static_response->addContentSecurityPolicyURI('form-action', $csp_uri);
+    }
+
     return phabricator_form(
       $viewer,
       array(
         'method' => idx($attributes, 'method', 'GET'),
         'action' => (string)$uri,
         'sigil'  => idx($attributes, 'sigil'),
       ),
       $content);
   }
 
   public function renderConfigurationFooter() {
     return null;
   }
 
   public function getAuthCSRFCode(AphrontRequest $request) {
     $phcid = $request->getCookie(PhabricatorCookies::COOKIE_CLIENTID);
     if (!strlen($phcid)) {
       throw new AphrontMalformedRequestException(
         pht('Missing Client ID Cookie'),
         pht(
           'Your browser did not submit a "%s" cookie with client state '.
           'information in the request. Check that cookies are enabled. '.
           'If this problem persists, you may need to clear your cookies.',
           PhabricatorCookies::COOKIE_CLIENTID),
         true);
     }
 
     return PhabricatorHash::weakDigest($phcid);
   }
 
   protected function verifyAuthCSRFCode(AphrontRequest $request, $actual) {
     $expect = $this->getAuthCSRFCode($request);
 
     if (!strlen($actual)) {
       throw new Exception(
         pht(
           'The authentication provider did not return a client state '.
           'parameter in its response, but one was expected. If this '.
           'problem persists, you may need to clear your cookies.'));
     }
 
     if (!phutil_hashes_are_identical($actual, $expect)) {
       throw new Exception(
         pht(
           'The authentication provider did not return the correct client '.
           'state parameter in its response. If this problem persists, you may '.
           'need to clear your cookies.'));
     }
   }
 
   public function supportsAutoLogin() {
     return false;
   }
 
   public function getAutoLoginURI(AphrontRequest $request) {
     throw new PhutilMethodNotImplementedException();
   }
 
+  protected function getContentSecurityPolicyFormActions() {
+    return array();
+  }
+
 }
diff --git a/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php b/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
index c62983de2f..2fbc637460 100644
--- a/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
@@ -1,280 +1,283 @@
 <?php
 
 abstract class PhabricatorOAuth1AuthProvider
   extends PhabricatorOAuthAuthProvider {
 
   protected $adapter;
 
   const PROPERTY_CONSUMER_KEY = 'oauth1:consumer:key';
   const PROPERTY_CONSUMER_SECRET = 'oauth1:consumer:secret';
   const PROPERTY_PRIVATE_KEY = 'oauth1:private:key';
 
   protected function getIDKey() {
     return self::PROPERTY_CONSUMER_KEY;
   }
 
   protected function getSecretKey() {
     return self::PROPERTY_CONSUMER_SECRET;
   }
 
   protected function configureAdapter(PhutilOAuth1AuthAdapter $adapter) {
     $config = $this->getProviderConfig();
     $adapter->setConsumerKey($config->getProperty(self::PROPERTY_CONSUMER_KEY));
     $secret = $config->getProperty(self::PROPERTY_CONSUMER_SECRET);
     if (strlen($secret)) {
       $adapter->setConsumerSecret(new PhutilOpaqueEnvelope($secret));
     }
     $adapter->setCallbackURI(PhabricatorEnv::getURI($this->getLoginURI()));
     return $adapter;
   }
 
   protected function renderLoginForm(AphrontRequest $request, $mode) {
     $attributes = array(
       'method' => 'POST',
       'uri' => $this->getLoginURI(),
     );
     return $this->renderStandardLoginButton($request, $mode, $attributes);
   }
 
   public function processLoginRequest(
     PhabricatorAuthLoginController $controller) {
 
     $request = $controller->getRequest();
     $adapter = $this->getAdapter();
     $account = null;
     $response = null;
 
     if ($request->isHTTPPost()) {
       // Add a CSRF code to the callback URI, which we'll verify when
       // performing the login.
 
       $client_code = $this->getAuthCSRFCode($request);
 
       $callback_uri = $adapter->getCallbackURI();
       $callback_uri = $callback_uri.$client_code.'/';
       $adapter->setCallbackURI($callback_uri);
 
       $uri = $adapter->getClientRedirectURI();
 
       $this->saveHandshakeTokenSecret(
         $client_code,
         $adapter->getTokenSecret());
 
       $response = id(new AphrontRedirectResponse())
         ->setIsExternal(true)
         ->setURI($uri);
       return array($account, $response);
     }
 
     $denied = $request->getStr('denied');
     if (strlen($denied)) {
       // Twitter indicates that the user cancelled the login attempt by
       // returning "denied" as a parameter.
       throw new PhutilAuthUserAbortedException();
     }
 
     // NOTE: You can get here via GET, this should probably be a bit more
     // user friendly.
 
     $this->verifyAuthCSRFCode($request, $controller->getExtraURIData());
 
     $token = $request->getStr('oauth_token');
     $verifier = $request->getStr('oauth_verifier');
 
     if (!$token) {
       throw new Exception(pht("Expected '%s' in request!", 'oauth_token'));
     }
 
     if (!$verifier) {
       throw new Exception(pht("Expected '%s' in request!", 'oauth_verifier'));
     }
 
     $adapter->setToken($token);
     $adapter->setVerifier($verifier);
 
     $client_code = $this->getAuthCSRFCode($request);
     $token_secret = $this->loadHandshakeTokenSecret($client_code);
     $adapter->setTokenSecret($token_secret);
 
     // NOTE: As a side effect, this will cause the OAuth adapter to request
     // an access token.
 
     try {
       $account_id = $adapter->getAccountID();
     } catch (Exception $ex) {
       // TODO: Handle this in a more user-friendly way.
       throw $ex;
     }
 
     if (!strlen($account_id)) {
       $response = $controller->buildProviderErrorResponse(
         $this,
         pht(
           'The OAuth provider failed to retrieve an account ID.'));
 
       return array($account, $response);
     }
 
     return array($this->loadOrCreateAccount($account_id), $response);
   }
 
   public function processEditForm(
     AphrontRequest $request,
     array $values) {
 
     $key_ckey = self::PROPERTY_CONSUMER_KEY;
     $key_csecret = self::PROPERTY_CONSUMER_SECRET;
 
     return $this->processOAuthEditForm(
       $request,
       $values,
       pht('Consumer key is required.'),
       pht('Consumer secret is required.'));
   }
 
   public function extendEditForm(
     AphrontRequest $request,
     AphrontFormView $form,
     array $values,
     array $issues) {
 
     return $this->extendOAuthEditForm(
       $request,
       $form,
       $values,
       $issues,
       pht('OAuth Consumer Key'),
       pht('OAuth Consumer Secret'));
   }
 
   public function renderConfigPropertyTransactionTitle(
     PhabricatorAuthProviderConfigTransaction $xaction) {
 
     $author_phid = $xaction->getAuthorPHID();
     $old = $xaction->getOldValue();
     $new = $xaction->getNewValue();
     $key = $xaction->getMetadataValue(
       PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
 
     switch ($key) {
       case self::PROPERTY_CONSUMER_KEY:
         if (strlen($old)) {
           return pht(
             '%s updated the OAuth consumer key for this provider from '.
             '"%s" to "%s".',
             $xaction->renderHandleLink($author_phid),
             $old,
             $new);
         } else {
           return pht(
             '%s set the OAuth consumer key for this provider to '.
             '"%s".',
             $xaction->renderHandleLink($author_phid),
             $new);
         }
       case self::PROPERTY_CONSUMER_SECRET:
         if (strlen($old)) {
           return pht(
             '%s updated the OAuth consumer secret for this provider.',
             $xaction->renderHandleLink($author_phid));
         } else {
           return pht(
             '%s set the OAuth consumer secret for this provider.',
             $xaction->renderHandleLink($author_phid));
         }
     }
 
     return parent::renderConfigPropertyTransactionTitle($xaction);
   }
 
   protected function synchronizeOAuthAccount(
     PhabricatorExternalAccount $account) {
     $adapter = $this->getAdapter();
 
     $oauth_token = $adapter->getToken();
     $oauth_token_secret = $adapter->getTokenSecret();
 
     $account->setProperty('oauth1.token', $oauth_token);
     $account->setProperty('oauth1.token.secret', $oauth_token_secret);
   }
 
   public function willRenderLinkedAccount(
     PhabricatorUser $viewer,
     PHUIObjectItemView $item,
     PhabricatorExternalAccount $account) {
 
     $item->addAttribute(pht('OAuth1 Account'));
 
     parent::willRenderLinkedAccount($viewer, $item, $account);
   }
 
+  protected function getContentSecurityPolicyFormActions() {
+    return $this->getAdapter()->getContentSecurityPolicyFormActions();
+  }
 
 /* -(  Temporary Secrets  )-------------------------------------------------- */
 
 
   private function saveHandshakeTokenSecret($client_code, $secret) {
     $secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE;
     $key = $this->getHandshakeTokenKeyFromClientCode($client_code);
     $type = $this->getTemporaryTokenType($secret_type);
 
     // Wipe out an existing token, if one exists.
     $token = id(new PhabricatorAuthTemporaryTokenQuery())
       ->setViewer(PhabricatorUser::getOmnipotentUser())
       ->withTokenResources(array($key))
       ->withTokenTypes(array($type))
       ->executeOne();
     if ($token) {
       $token->delete();
     }
 
     // Save the new secret.
     id(new PhabricatorAuthTemporaryToken())
       ->setTokenResource($key)
       ->setTokenType($type)
       ->setTokenExpires(time() + phutil_units('1 hour in seconds'))
       ->setTokenCode($secret)
       ->save();
   }
 
   private function loadHandshakeTokenSecret($client_code) {
     $secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE;
     $key = $this->getHandshakeTokenKeyFromClientCode($client_code);
     $type = $this->getTemporaryTokenType($secret_type);
 
     $token = id(new PhabricatorAuthTemporaryTokenQuery())
       ->setViewer(PhabricatorUser::getOmnipotentUser())
       ->withTokenResources(array($key))
       ->withTokenTypes(array($type))
       ->withExpired(false)
       ->executeOne();
 
     if (!$token) {
       throw new Exception(
         pht(
           'Unable to load your OAuth1 token secret from storage. It may '.
           'have expired. Try authenticating again.'));
     }
 
     return $token->getTokenCode();
   }
 
   private function getTemporaryTokenType($core_type) {
     // Namespace the type so that multiple providers don't step on each
     // others' toes if a user starts Mediawiki and Bitbucket auth at the
     // same time.
 
     // TODO: This isn't really a proper use of the table and should get
     // cleaned up some day: the type should be constant.
 
     return $core_type.':'.$this->getProviderConfig()->getID();
   }
 
   private function getHandshakeTokenKeyFromClientCode($client_code) {
     // NOTE: This is very slightly coercive since the TemporaryToken table
     // expects an "objectPHID" as an identifier, but nothing about the storage
     // is bound to PHIDs.
 
     return 'oauth1:secret/'.$client_code;
   }
 
 }
diff --git a/src/applications/phortune/provider/PhortuneStripePaymentProvider.php b/src/applications/phortune/provider/PhortuneStripePaymentProvider.php
index 370f132a1f..bdaa4294b2 100644
--- a/src/applications/phortune/provider/PhortuneStripePaymentProvider.php
+++ b/src/applications/phortune/provider/PhortuneStripePaymentProvider.php
@@ -1,386 +1,386 @@
 <?php
 
 final class PhortuneStripePaymentProvider extends PhortunePaymentProvider {
 
   const STRIPE_PUBLISHABLE_KEY  = 'stripe.publishable-key';
   const STRIPE_SECRET_KEY       = 'stripe.secret-key';
 
   public function isAcceptingLivePayments() {
     return preg_match('/_live_/', $this->getPublishableKey());
   }
 
   public function getName() {
     return pht('Stripe');
   }
 
   public function getConfigureName() {
     return pht('Add Stripe Payments Account');
   }
 
   public function getConfigureDescription() {
     return pht(
       'Allows you to accept credit or debit card payments with a '.
       'stripe.com account.');
   }
 
   public function getConfigureProvidesDescription() {
     return pht('This merchant accepts credit and debit cards via Stripe.');
   }
 
   public function getPaymentMethodDescription() {
     return pht('Add Credit or Debit Card (US and Canada)');
   }
 
   public function getPaymentMethodIcon() {
     return 'Stripe';
   }
 
   public function getPaymentMethodProviderDescription() {
     return pht('Processed by Stripe');
   }
 
   public function getDefaultPaymentMethodDisplayName(
     PhortunePaymentMethod $method) {
     return pht('Credit/Debit Card');
   }
 
   public function getAllConfigurableProperties() {
     return array(
       self::STRIPE_PUBLISHABLE_KEY,
       self::STRIPE_SECRET_KEY,
     );
   }
 
   public function getAllConfigurableSecretProperties() {
     return array(
       self::STRIPE_SECRET_KEY,
     );
   }
 
   public function processEditForm(
     AphrontRequest $request,
     array $values) {
 
     $errors = array();
     $issues = array();
 
     if (!strlen($values[self::STRIPE_SECRET_KEY])) {
       $errors[] = pht('Stripe Secret Key is required.');
       $issues[self::STRIPE_SECRET_KEY] = pht('Required');
     }
 
     if (!strlen($values[self::STRIPE_PUBLISHABLE_KEY])) {
       $errors[] = pht('Stripe Publishable Key is required.');
       $issues[self::STRIPE_PUBLISHABLE_KEY] = pht('Required');
     }
 
     return array($errors, $issues, $values);
   }
 
   public function extendEditForm(
     AphrontRequest $request,
     AphrontFormView $form,
     array $values,
     array $issues) {
 
     $form
       ->appendChild(
         id(new AphrontFormTextControl())
           ->setName(self::STRIPE_SECRET_KEY)
           ->setValue($values[self::STRIPE_SECRET_KEY])
           ->setError(idx($issues, self::STRIPE_SECRET_KEY, true))
           ->setLabel(pht('Stripe Secret Key')))
       ->appendChild(
         id(new AphrontFormTextControl())
           ->setName(self::STRIPE_PUBLISHABLE_KEY)
           ->setValue($values[self::STRIPE_PUBLISHABLE_KEY])
           ->setError(idx($issues, self::STRIPE_PUBLISHABLE_KEY, true))
           ->setLabel(pht('Stripe Publishable Key')));
   }
 
   public function getConfigureInstructions() {
     return pht(
       "To configure Stripe, register or log in to an existing account on ".
       "[[https://stripe.com | stripe.com]]. Once logged in:\n\n".
       "  - Go to {nav icon=user, name=Your Account > Account Settings ".
       "> API Keys}\n".
       "  - Copy the **Secret Key** and **Publishable Key** into the fields ".
       "above.\n\n".
       "You can either use the test keys to add this provider in test mode, ".
       "or the live keys to accept live payments.");
   }
 
   public function canRunConfigurationTest() {
     return true;
   }
 
   public function runConfigurationTest() {
     $this->loadStripeAPILibraries();
 
     $secret_key = $this->getSecretKey();
     $account = Stripe_Account::retrieve($secret_key);
   }
 
   /**
    * @phutil-external-symbol class Stripe_Charge
    * @phutil-external-symbol class Stripe_CardError
    * @phutil-external-symbol class Stripe_Account
    */
   protected function executeCharge(
     PhortunePaymentMethod $method,
     PhortuneCharge $charge) {
     $this->loadStripeAPILibraries();
 
     $price = $charge->getAmountAsCurrency();
 
     $secret_key = $this->getSecretKey();
     $params = array(
       'amount'      => $price->getValueInUSDCents(),
       'currency'    => $price->getCurrency(),
       'customer'    => $method->getMetadataValue('stripe.customerID'),
       'description' => $charge->getPHID(),
       'capture'     => true,
     );
 
     $stripe_charge = Stripe_Charge::create($params, $secret_key);
 
     $id = $stripe_charge->id;
     if (!$id) {
       throw new Exception(pht('Stripe charge call did not return an ID!'));
     }
 
     $charge->setMetadataValue('stripe.chargeID', $id);
     $charge->save();
   }
 
   protected function executeRefund(
     PhortuneCharge $charge,
     PhortuneCharge $refund) {
     $this->loadStripeAPILibraries();
 
     $charge_id = $charge->getMetadataValue('stripe.chargeID');
     if (!$charge_id) {
       throw new Exception(
         pht('Unable to refund charge; no Stripe chargeID!'));
     }
 
     $refund_cents = $refund
       ->getAmountAsCurrency()
       ->negate()
       ->getValueInUSDCents();
 
     $secret_key = $this->getSecretKey();
     $params = array(
       'amount' => $refund_cents,
     );
 
     $stripe_charge = Stripe_Charge::retrieve($charge_id, $secret_key);
     $stripe_refund = $stripe_charge->refunds->create($params);
 
     $id = $stripe_refund->id;
     if (!$id) {
       throw new Exception(pht('Stripe refund call did not return an ID!'));
     }
 
     $charge->setMetadataValue('stripe.refundID', $id);
     $charge->save();
   }
 
   public function updateCharge(PhortuneCharge $charge) {
     $this->loadStripeAPILibraries();
 
     $charge_id = $charge->getMetadataValue('stripe.chargeID');
     if (!$charge_id) {
       throw new Exception(
         pht('Unable to update charge; no Stripe chargeID!'));
     }
 
     $secret_key = $this->getSecretKey();
     $stripe_charge = Stripe_Charge::retrieve($charge_id, $secret_key);
 
     // TODO: Deal with disputes / chargebacks / surprising refunds.
 
   }
 
   private function getPublishableKey() {
     return $this
       ->getProviderConfig()
       ->getMetadataValue(self::STRIPE_PUBLISHABLE_KEY);
   }
 
   private function getSecretKey() {
     return $this
       ->getProviderConfig()
       ->getMetadataValue(self::STRIPE_SECRET_KEY);
   }
 
 
 /* -(  Adding Payment Methods  )--------------------------------------------- */
 
 
   public function canCreatePaymentMethods() {
     return true;
   }
 
 
   /**
    * @phutil-external-symbol class Stripe_Token
    * @phutil-external-symbol class Stripe_Customer
    */
   public function createPaymentMethodFromRequest(
     AphrontRequest $request,
     PhortunePaymentMethod $method,
     array $token) {
     $this->loadStripeAPILibraries();
 
     $errors = array();
 
     $secret_key = $this->getSecretKey();
     $stripe_token = $token['stripeCardToken'];
 
     // First, make sure the token is valid.
     $info = id(new Stripe_Token())->retrieve($stripe_token, $secret_key);
 
     $account_phid = $method->getAccountPHID();
     $author_phid = $method->getAuthorPHID();
 
     $params = array(
       'card' => $stripe_token,
       'description' => $account_phid.':'.$author_phid,
     );
 
     // Then, we need to create a Customer in order to be able to charge
     // the card more than once. We create one Customer for each card;
     // they do not map to PhortuneAccounts because we allow an account to
     // have more than one active card.
     $customer = Stripe_Customer::create($params, $secret_key);
 
     $card = $info->card;
 
     $method
       ->setBrand($card->brand)
       ->setLastFourDigits($card->last4)
       ->setExpires($card->exp_year, $card->exp_month)
       ->setMetadata(
         array(
           'type' => 'stripe.customer',
           'stripe.customerID' => $customer->id,
           'stripe.cardToken' => $stripe_token,
         ));
 
     return $errors;
   }
 
   public function renderCreatePaymentMethodForm(
     AphrontRequest $request,
     array $errors) {
 
     $src = 'https://js.stripe.com/v2/';
 
     $ccform = id(new PhortuneCreditCardForm())
       ->setSecurityAssurance(
         pht('Payments are processed securely by Stripe.'))
       ->setUser($request->getUser())
       ->setErrors($errors)
       ->addScript($src);
 
     CelerityAPI::getStaticResourceResponse()
-      ->addContentSecurityPolicyURI('script', $src)
-      ->addContentSecurityPolicyURI('frame', $src);
+      ->addContentSecurityPolicyURI('script-src', $src)
+      ->addContentSecurityPolicyURI('frame-src', $src);
 
     Javelin::initBehavior(
       'stripe-payment-form',
       array(
         'stripePublishableKey' => $this->getPublishableKey(),
         'formID'               => $ccform->getFormID(),
       ));
 
     return $ccform->buildForm();
   }
 
   private function getStripeShortErrorCode($error_code) {
     $prefix = 'cc:stripe:';
     if (strncmp($error_code, $prefix, strlen($prefix))) {
       return null;
     }
     return substr($error_code, strlen($prefix));
   }
 
   public function validateCreatePaymentMethodToken(array $token) {
     return isset($token['stripeCardToken']);
   }
 
   public function translateCreatePaymentMethodErrorCode($error_code) {
     $short_code = $this->getStripeShortErrorCode($error_code);
 
     if ($short_code) {
       static $map = array(
         'error:invalid_number'        => PhortuneErrCode::ERR_CC_INVALID_NUMBER,
         'error:invalid_cvc'           => PhortuneErrCode::ERR_CC_INVALID_CVC,
         'error:invalid_expiry_month'  => PhortuneErrCode::ERR_CC_INVALID_EXPIRY,
         'error:invalid_expiry_year'   => PhortuneErrCode::ERR_CC_INVALID_EXPIRY,
       );
 
       if (isset($map[$short_code])) {
         return $map[$short_code];
       }
     }
 
     return $error_code;
   }
 
   /**
    * See https://stripe.com/docs/api#errors for more information on possible
    * errors.
    */
   public function getCreatePaymentMethodErrorMessage($error_code) {
     $short_code = $this->getStripeShortErrorCode($error_code);
     if (!$short_code) {
       return null;
     }
 
     switch ($short_code) {
       case 'error:incorrect_number':
         $error_key = 'number';
         $message = pht('Invalid or incorrect credit card number.');
         break;
       case 'error:incorrect_cvc':
         $error_key = 'cvc';
         $message = pht('Card CVC is invalid or incorrect.');
         break;
         $error_key = 'exp';
         $message = pht('Card expiration date is invalid or incorrect.');
         break;
       case 'error:invalid_expiry_month':
       case 'error:invalid_expiry_year':
       case 'error:invalid_cvc':
       case 'error:invalid_number':
         // NOTE: These should be translated into Phortune error codes earlier,
         // so we don't expect to receive them here. They are listed for clarity
         // and completeness. If we encounter one, we treat it as an unknown
         // error.
         break;
       case 'error:invalid_amount':
       case 'error:missing':
       case 'error:card_declined':
       case 'error:expired_card':
       case 'error:duplicate_transaction':
       case 'error:processing_error':
       default:
         // NOTE: These errors currently don't receive a detailed message.
         // NOTE: We can also end up here with "http:nnn" messages.
 
         // TODO: At least some of these should have a better message, or be
         // translated into common errors above.
         break;
     }
 
     return null;
   }
 
   private function loadStripeAPILibraries() {
     $root = dirname(phutil_get_library_root('phabricator'));
     require_once $root.'/externals/stripe-php/lib/Stripe.php';
   }
 
 }
diff --git a/src/view/form/control/AphrontFormRecaptchaControl.php b/src/view/form/control/AphrontFormRecaptchaControl.php
index b0559754e9..4152f7d8b7 100644
--- a/src/view/form/control/AphrontFormRecaptchaControl.php
+++ b/src/view/form/control/AphrontFormRecaptchaControl.php
@@ -1,65 +1,65 @@
 <?php
 
 final class AphrontFormRecaptchaControl extends AphrontFormControl {
 
   protected function getCustomControlClass() {
     return 'aphront-form-control-recaptcha';
   }
 
   protected function shouldRender() {
     return self::isRecaptchaEnabled();
   }
 
   public static function isRecaptchaEnabled() {
     return PhabricatorEnv::getEnvConfig('recaptcha.enabled');
   }
 
   public static function hasCaptchaResponse(AphrontRequest $request) {
     return $request->getBool('g-recaptcha-response');
   }
 
   public static function processCaptcha(AphrontRequest $request) {
     if (!self::isRecaptchaEnabled()) {
       return true;
     }
 
     $uri = 'https://www.google.com/recaptcha/api/siteverify';
     $params = array(
       'secret'   => PhabricatorEnv::getEnvConfig('recaptcha.private-key'),
       'response' => $request->getStr('g-recaptcha-response'),
       'remoteip' => $request->getRemoteAddress(),
     );
 
     list($body) = id(new HTTPSFuture($uri, $params))
       ->setMethod('POST')
       ->resolvex();
 
     $json = phutil_json_decode($body);
     return (bool)idx($json, 'success');
   }
 
   protected function renderInput() {
     $js = 'https://www.google.com/recaptcha/api.js';
     $pubkey = PhabricatorEnv::getEnvConfig('recaptcha.public-key');
 
     CelerityAPI::getStaticResourceResponse()
-      ->addContentSecurityPolicyURI('script', $js)
-      ->addContentSecurityPolicyURI('script', 'https://www.gstatic.com/')
-      ->addContentSecurityPolicyURI('frame', 'https://www.google.com/');
+      ->addContentSecurityPolicyURI('script-src', $js)
+      ->addContentSecurityPolicyURI('script-src', 'https://www.gstatic.com/')
+      ->addContentSecurityPolicyURI('frame-src', 'https://www.google.com/');
 
     return array(
       phutil_tag(
         'div',
         array(
           'class' => 'g-recaptcha',
           'data-sitekey' => $pubkey,
         )),
       phutil_tag(
         'script',
         array(
           'type' => 'text/javascript',
           'src'  => $js,
         )),
     );
   }
 }
diff --git a/src/view/page/PhabricatorStandardPageView.php b/src/view/page/PhabricatorStandardPageView.php
index 8ee7566969..aca98b7205 100644
--- a/src/view/page/PhabricatorStandardPageView.php
+++ b/src/view/page/PhabricatorStandardPageView.php
@@ -1,910 +1,910 @@
 <?php
 
 /**
  * This is a standard Phabricator page with menus, Javelin, DarkConsole, and
  * basic styles.
  */
 final class PhabricatorStandardPageView extends PhabricatorBarePageView
   implements AphrontResponseProducerInterface {
 
   private $baseURI;
   private $applicationName;
   private $glyph;
   private $menuContent;
   private $showChrome = true;
   private $classes = array();
   private $disableConsole;
   private $pageObjects = array();
   private $applicationMenu;
   private $showFooter = true;
   private $showDurableColumn = true;
   private $quicksandConfig = array();
   private $tabs;
   private $crumbs;
   private $navigation;
 
   public function setShowFooter($show_footer) {
     $this->showFooter = $show_footer;
     return $this;
   }
 
   public function getShowFooter() {
     return $this->showFooter;
   }
 
   public function setApplicationMenu($application_menu) {
     // NOTE: For now, this can either be a PHUIListView or a
     // PHUIApplicationMenuView.
 
     $this->applicationMenu = $application_menu;
     return $this;
   }
 
   public function getApplicationMenu() {
     return $this->applicationMenu;
   }
 
   public function setApplicationName($application_name) {
     $this->applicationName = $application_name;
     return $this;
   }
 
   public function setDisableConsole($disable) {
     $this->disableConsole = $disable;
     return $this;
   }
 
   public function getApplicationName() {
     return $this->applicationName;
   }
 
   public function setBaseURI($base_uri) {
     $this->baseURI = $base_uri;
     return $this;
   }
 
   public function getBaseURI() {
     return $this->baseURI;
   }
 
   public function setShowChrome($show_chrome) {
     $this->showChrome = $show_chrome;
     return $this;
   }
 
   public function getShowChrome() {
     return $this->showChrome;
   }
 
   public function addClass($class) {
     $this->classes[] = $class;
     return $this;
   }
 
   public function setPageObjectPHIDs(array $phids) {
     $this->pageObjects = $phids;
     return $this;
   }
 
   public function setShowDurableColumn($show) {
     $this->showDurableColumn = $show;
     return $this;
   }
 
   public function getShowDurableColumn() {
     $request = $this->getRequest();
     if (!$request) {
       return false;
     }
 
     $viewer = $request->getUser();
     if (!$viewer->isLoggedIn()) {
       return false;
     }
 
     $conpherence_installed = PhabricatorApplication::isClassInstalledForViewer(
       'PhabricatorConpherenceApplication',
       $viewer);
     if (!$conpherence_installed) {
       return false;
     }
 
     if ($this->isQuicksandBlacklistURI()) {
       return false;
     }
 
     return true;
   }
 
   private function isQuicksandBlacklistURI() {
     $request = $this->getRequest();
     if (!$request) {
       return false;
     }
 
     $patterns = $this->getQuicksandURIPatternBlacklist();
     $path = $request->getRequestURI()->getPath();
     foreach ($patterns as $pattern) {
       if (preg_match('(^'.$pattern.'$)', $path)) {
         return true;
       }
     }
     return false;
   }
 
   public function getDurableColumnVisible() {
     $column_key = PhabricatorConpherenceColumnVisibleSetting::SETTINGKEY;
     return (bool)$this->getUserPreference($column_key, false);
   }
 
   public function getDurableColumnMinimize() {
     $column_key = PhabricatorConpherenceColumnMinimizeSetting::SETTINGKEY;
     return (bool)$this->getUserPreference($column_key, false);
   }
 
   public function addQuicksandConfig(array $config) {
     $this->quicksandConfig = $config + $this->quicksandConfig;
     return $this;
   }
 
   public function getQuicksandConfig() {
     return $this->quicksandConfig;
   }
 
   public function setCrumbs(PHUICrumbsView $crumbs) {
     $this->crumbs = $crumbs;
     return $this;
   }
 
   public function getCrumbs() {
     return $this->crumbs;
   }
 
   public function setTabs(PHUIListView $tabs) {
     $tabs->setType(PHUIListView::TABBAR_LIST);
     $tabs->addClass('phabricator-standard-page-tabs');
     $this->tabs = $tabs;
     return $this;
   }
 
   public function getTabs() {
     return $this->tabs;
   }
 
   public function setNavigation(AphrontSideNavFilterView $navigation) {
     $this->navigation = $navigation;
     return $this;
   }
 
   public function getNavigation() {
     return $this->navigation;
   }
 
   public function getTitle() {
     $glyph_key = PhabricatorTitleGlyphsSetting::SETTINGKEY;
     $glyph_on = PhabricatorTitleGlyphsSetting::VALUE_TITLE_GLYPHS;
     $glyph_setting = $this->getUserPreference($glyph_key, $glyph_on);
 
     $use_glyph = ($glyph_setting == $glyph_on);
 
     $title = parent::getTitle();
 
     $prefix = null;
     if ($use_glyph) {
       $prefix = $this->getGlyph();
     } else {
       $application_name = $this->getApplicationName();
       if (strlen($application_name)) {
         $prefix = '['.$application_name.']';
       }
     }
 
     if (strlen($prefix)) {
       $title = $prefix.' '.$title;
     }
 
     return $title;
   }
 
 
   protected function willRenderPage() {
     parent::willRenderPage();
 
     if (!$this->getRequest()) {
       throw new Exception(
         pht(
           'You must set the %s to render a %s.',
           'Request',
           __CLASS__));
     }
 
     $console = $this->getConsole();
 
     require_celerity_resource('phabricator-core-css');
     require_celerity_resource('phabricator-zindex-css');
     require_celerity_resource('phui-button-css');
     require_celerity_resource('phui-spacing-css');
     require_celerity_resource('phui-form-css');
     require_celerity_resource('phabricator-standard-page-view');
     require_celerity_resource('conpherence-durable-column-view');
     require_celerity_resource('font-lato');
 
     Javelin::initBehavior('workflow', array());
 
     $request = $this->getRequest();
     $user = null;
     if ($request) {
       $user = $request->getUser();
     }
 
     if ($user) {
       if ($user->isUserActivated()) {
         $offset = $user->getTimeZoneOffset();
 
         $ignore_key = PhabricatorTimezoneIgnoreOffsetSetting::SETTINGKEY;
         $ignore = $user->getUserSetting($ignore_key);
 
         Javelin::initBehavior(
           'detect-timezone',
           array(
             'offset' => $offset,
             'uri' => '/settings/timezone/',
             'message' => pht(
               'Your browser timezone setting differs from the timezone '.
               'setting in your profile, click to reconcile.'),
             'ignoreKey' => $ignore_key,
             'ignore' => $ignore,
           ));
 
         if ($user->getIsAdmin()) {
           $server_https = $request->isHTTPS();
           $server_protocol = $server_https ? 'HTTPS' : 'HTTP';
           $client_protocol = $server_https ? 'HTTP' : 'HTTPS';
 
           $doc_name = 'Configuring a Preamble Script';
           $doc_href = PhabricatorEnv::getDoclink($doc_name);
 
           Javelin::initBehavior(
             'setup-check-https',
             array(
               'server_https' => $server_https,
               'doc_name' => pht('See Documentation'),
               'doc_href' => $doc_href,
               'message' => pht(
                 'Phabricator thinks you are using %s, but your '.
                 'client is convinced that it is using %s. This is a serious '.
                 'misconfiguration with subtle, but significant, consequences.',
                 $server_protocol, $client_protocol),
             ));
         }
       }
 
       Javelin::initBehavior('lightbox-attachments');
     }
 
     Javelin::initBehavior('aphront-form-disable-on-submit');
     Javelin::initBehavior('toggle-class', array());
     Javelin::initBehavior('history-install');
     Javelin::initBehavior('phabricator-gesture');
 
     $current_token = null;
     if ($user) {
       $current_token = $user->getCSRFToken();
     }
 
     Javelin::initBehavior(
       'refresh-csrf',
       array(
         'tokenName' => AphrontRequest::getCSRFTokenName(),
         'header' => AphrontRequest::getCSRFHeaderName(),
         'viaHeader' => AphrontRequest::getViaHeaderName(),
         'current'   => $current_token,
       ));
 
     Javelin::initBehavior('device');
 
     Javelin::initBehavior(
       'high-security-warning',
       $this->getHighSecurityWarningConfig());
 
     if (PhabricatorEnv::isReadOnly()) {
       Javelin::initBehavior(
         'read-only-warning',
         array(
           'message' => PhabricatorEnv::getReadOnlyMessage(),
           'uri' => PhabricatorEnv::getReadOnlyURI(),
         ));
     }
 
     if ($console) {
       require_celerity_resource('aphront-dark-console-css');
 
       $headers = array();
       if (DarkConsoleXHProfPluginAPI::isProfilerStarted()) {
         $headers[DarkConsoleXHProfPluginAPI::getProfilerHeader()] = 'page';
       }
       if (DarkConsoleServicesPlugin::isQueryAnalyzerRequested()) {
         $headers[DarkConsoleServicesPlugin::getQueryAnalyzerHeader()] = true;
       }
 
       Javelin::initBehavior(
         'dark-console',
         $this->getConsoleConfig());
 
       // Change this to initBehavior when there is some behavior to initialize
       require_celerity_resource('javelin-behavior-error-log');
     }
 
     if ($user) {
       $viewer = $user;
     } else {
       $viewer = new PhabricatorUser();
     }
 
     $menu = id(new PhabricatorMainMenuView())
       ->setUser($viewer);
 
     if ($this->getController()) {
       $menu->setController($this->getController());
     }
 
     $application_menu = $this->getApplicationMenu();
     if ($application_menu) {
       if ($application_menu instanceof PHUIApplicationMenuView) {
         $crumbs = $this->getCrumbs();
         if ($crumbs) {
           $application_menu->setCrumbs($crumbs);
         }
 
         $application_menu = $application_menu->buildListView();
       }
 
       $menu->setApplicationMenu($application_menu);
     }
 
     $this->menuContent = $menu->render();
   }
 
 
   protected function getHead() {
     $monospaced = null;
 
     $request = $this->getRequest();
     if ($request) {
       $user = $request->getUser();
       if ($user) {
         $monospaced = $user->getUserSetting(
           PhabricatorMonospacedFontSetting::SETTINGKEY);
       }
     }
 
     $response = CelerityAPI::getStaticResourceResponse();
 
     $font_css = null;
     if (!empty($monospaced)) {
       // We can't print this normally because escaping quotation marks will
       // break the CSS. Instead, filter it strictly and then mark it as safe.
       $monospaced = new PhutilSafeHTML(
         PhabricatorMonospacedFontSetting::filterMonospacedCSSRule(
           $monospaced));
 
       $font_css = hsprintf(
         '<style type="text/css">'.
         '.PhabricatorMonospaced, '.
         '.phabricator-remarkup .remarkup-code-block '.
           '.remarkup-code { font: %s !important; } '.
         '</style>',
         $monospaced);
     }
 
     return hsprintf(
       '%s%s%s',
       parent::getHead(),
       $font_css,
       $response->renderSingleResource('javelin-magical-init', 'phabricator'));
   }
 
   public function setGlyph($glyph) {
     $this->glyph = $glyph;
     return $this;
   }
 
   public function getGlyph() {
     return $this->glyph;
   }
 
   protected function willSendResponse($response) {
     $request = $this->getRequest();
     $response = parent::willSendResponse($response);
 
     $console = $request->getApplicationConfiguration()->getConsole();
 
     if ($console) {
       $response = PhutilSafeHTML::applyFunction(
         'str_replace',
         hsprintf('<darkconsole />'),
         $console->render($request),
         $response);
     }
 
     return $response;
   }
 
   protected function getBody() {
     $user = null;
     $request = $this->getRequest();
     if ($request) {
       $user = $request->getUser();
     }
 
     $header_chrome = null;
     if ($this->getShowChrome()) {
       $header_chrome = $this->menuContent;
     }
 
     $classes = array();
     $classes[] = 'main-page-frame';
     $developer_warning = null;
     if (PhabricatorEnv::getEnvConfig('phabricator.developer-mode') &&
         DarkConsoleErrorLogPluginAPI::getErrors()) {
       $developer_warning = phutil_tag_div(
         'aphront-developer-error-callout',
         pht(
           'This page raised PHP errors. Find them in DarkConsole '.
           'or the error log.'));
     }
 
     $main_page = phutil_tag(
       'div',
       array(
         'id' => 'phabricator-standard-page',
         'class' => 'phabricator-standard-page',
       ),
       array(
         $developer_warning,
         $header_chrome,
         phutil_tag(
           'div',
           array(
             'id' => 'phabricator-standard-page-body',
             'class' => 'phabricator-standard-page-body',
           ),
           $this->renderPageBodyContent()),
       ));
 
     $durable_column = null;
     if ($this->getShowDurableColumn()) {
       $is_visible = $this->getDurableColumnVisible();
       $is_minimize = $this->getDurableColumnMinimize();
       $durable_column = id(new ConpherenceDurableColumnView())
         ->setSelectedConpherence(null)
         ->setUser($user)
         ->setQuicksandConfig($this->buildQuicksandConfig())
         ->setVisible($is_visible)
         ->setMinimize($is_minimize)
         ->setInitialLoad(true);
       if ($is_minimize) {
         $this->classes[] = 'minimize-column';
       }
     }
 
     Javelin::initBehavior('quicksand-blacklist', array(
       'patterns' => $this->getQuicksandURIPatternBlacklist(),
     ));
 
     return phutil_tag(
       'div',
       array(
         'class' => implode(' ', $classes),
         'id' => 'main-page-frame',
       ),
       array(
         $main_page,
         $durable_column,
       ));
   }
 
   private function renderPageBodyContent() {
     $console = $this->getConsole();
 
     $body = parent::getBody();
 
     $footer = $this->renderFooter();
 
     $nav = $this->getNavigation();
     $tabs = $this->getTabs();
     if ($nav) {
       $crumbs = $this->getCrumbs();
       if ($crumbs) {
         $nav->setCrumbs($crumbs);
       }
       $nav->appendChild($body);
       $nav->appendFooter($footer);
       $content = phutil_implode_html('', array($nav->render()));
     } else {
       $content = array();
 
       $crumbs = $this->getCrumbs();
       if ($crumbs) {
         if ($this->getTabs()) {
           $crumbs->setBorder(true);
         }
         $content[] = $crumbs;
       }
 
       $tabs = $this->getTabs();
       if ($tabs) {
         $content[] = $tabs;
       }
 
       $content[] = $body;
       $content[] = $footer;
 
       $content = phutil_implode_html('', $content);
     }
 
     return array(
       ($console ? hsprintf('<darkconsole />') : null),
       $content,
     );
   }
 
   protected function getTail() {
     $request = $this->getRequest();
     $user = $request->getUser();
 
     $tail = array(
       parent::getTail(),
     );
 
     $response = CelerityAPI::getStaticResourceResponse();
 
     if ($request->isHTTPS()) {
       $with_protocol = 'https';
     } else {
       $with_protocol = 'http';
     }
 
     $servers = PhabricatorNotificationServerRef::getEnabledClientServers(
       $with_protocol);
 
     if ($servers) {
       if ($user && $user->isLoggedIn()) {
         // TODO: We could tell the browser about all the servers and let it
         // do random reconnects to improve reliability.
         shuffle($servers);
         $server = head($servers);
 
         $client_uri = $server->getWebsocketURI();
 
         Javelin::initBehavior(
           'aphlict-listen',
           array(
             'websocketURI' => (string)$client_uri,
           ) + $this->buildAphlictListenConfigData());
 
         CelerityAPI::getStaticResourceResponse()
-          ->addContentSecurityPolicyURI('connect', $client_uri);
+          ->addContentSecurityPolicyURI('connect-src', $client_uri);
       }
     }
 
     $tail[] = $response->renderHTMLFooter($this->getFrameable());
 
     return $tail;
   }
 
   protected function getBodyClasses() {
     $classes = array();
 
     if (!$this->getShowChrome()) {
       $classes[] = 'phabricator-chromeless-page';
     }
 
     $agent = AphrontRequest::getHTTPHeader('User-Agent');
 
     // Try to guess the device resolution based on UA strings to avoid a flash
     // of incorrectly-styled content.
     $device_guess = 'device-desktop';
     if (preg_match('@iPhone|iPod|(Android.*Chrome/[.0-9]* Mobile)@', $agent)) {
       $device_guess = 'device-phone device';
     } else if (preg_match('@iPad|(Android.*Chrome/)@', $agent)) {
       $device_guess = 'device-tablet device';
     }
 
     $classes[] = $device_guess;
 
     if (preg_match('@Windows@', $agent)) {
       $classes[] = 'platform-windows';
     } else if (preg_match('@Macintosh@', $agent)) {
       $classes[] = 'platform-mac';
     } else if (preg_match('@X11@', $agent)) {
       $classes[] = 'platform-linux';
     }
 
     if ($this->getRequest()->getStr('__print__')) {
       $classes[] = 'printable';
     }
 
     if ($this->getRequest()->getStr('__aural__')) {
       $classes[] = 'audible';
     }
 
     $classes[] = 'phui-theme-'.PhabricatorEnv::getEnvConfig('ui.header-color');
     foreach ($this->classes as $class) {
       $classes[] = $class;
     }
 
     return implode(' ', $classes);
   }
 
   private function getConsole() {
     if ($this->disableConsole) {
       return null;
     }
     return $this->getRequest()->getApplicationConfiguration()->getConsole();
   }
 
   private function getConsoleConfig() {
     $user = $this->getRequest()->getUser();
 
     $headers = array();
     if (DarkConsoleXHProfPluginAPI::isProfilerStarted()) {
       $headers[DarkConsoleXHProfPluginAPI::getProfilerHeader()] = 'page';
     }
     if (DarkConsoleServicesPlugin::isQueryAnalyzerRequested()) {
       $headers[DarkConsoleServicesPlugin::getQueryAnalyzerHeader()] = true;
     }
 
     if ($user) {
       $setting_tab = PhabricatorDarkConsoleTabSetting::SETTINGKEY;
       $setting_visible = PhabricatorDarkConsoleVisibleSetting::SETTINGKEY;
       $tab = $user->getUserSetting($setting_tab);
       $visible = $user->getUserSetting($setting_visible);
     } else {
       $tab = null;
       $visible = true;
     }
 
     return array(
       // NOTE: We use a generic label here to prevent input reflection
       // and mitigate compression attacks like BREACH. See discussion in
       // T3684.
       'uri' => pht('Main Request'),
       'selected' => $tab,
       'visible'  => $visible,
       'headers' => $headers,
     );
   }
 
   private function getHighSecurityWarningConfig() {
     $user = $this->getRequest()->getUser();
 
     $show = false;
     if ($user->hasSession()) {
       $hisec = ($user->getSession()->getHighSecurityUntil() - time());
       if ($hisec > 0) {
         $show = true;
       }
     }
 
     return array(
       'show' => $show,
       'uri' => '/auth/session/downgrade/',
       'message' => pht(
         'Your session is in high security mode. When you '.
         'finish using it, click here to leave.'),
         );
   }
 
   private function renderFooter() {
     if (!$this->getShowChrome()) {
       return null;
     }
 
     if (!$this->getShowFooter()) {
       return null;
     }
 
     $items = PhabricatorEnv::getEnvConfig('ui.footer-items');
     if (!$items) {
       return null;
     }
 
     $foot = array();
     foreach ($items as $item) {
       $name = idx($item, 'name', pht('Unnamed Footer Item'));
 
       $href = idx($item, 'href');
       if (!PhabricatorEnv::isValidURIForLink($href)) {
         $href = null;
       }
 
       if ($href !== null) {
         $tag = 'a';
       } else {
         $tag = 'span';
       }
 
       $foot[] = phutil_tag(
         $tag,
         array(
           'href' => $href,
         ),
         $name);
     }
     $foot = phutil_implode_html(" \xC2\xB7 ", $foot);
 
     return phutil_tag(
       'div',
       array(
         'class' => 'phabricator-standard-page-footer grouped',
       ),
       $foot);
   }
 
   public function renderForQuicksand() {
     parent::willRenderPage();
     $response = $this->renderPageBodyContent();
     $response = $this->willSendResponse($response);
 
     $extra_config = $this->getQuicksandConfig();
 
     return array(
       'content' => hsprintf('%s', $response),
     ) + $this->buildQuicksandConfig()
       + $extra_config;
   }
 
   private function buildQuicksandConfig() {
     $viewer = $this->getRequest()->getUser();
     $controller = $this->getController();
 
     $dropdown_query = id(new AphlictDropdownDataQuery())
       ->setViewer($viewer);
     $dropdown_query->execute();
 
     $hisec_warning_config = $this->getHighSecurityWarningConfig();
 
     $console_config = null;
     $console = $this->getConsole();
     if ($console) {
       $console_config = $this->getConsoleConfig();
     }
 
     $upload_enabled = false;
     if ($controller) {
       $upload_enabled = $controller->isGlobalDragAndDropUploadEnabled();
     }
 
     $application_class = null;
     $application_search_icon = null;
     $application_help = null;
     $controller = $this->getController();
     if ($controller) {
       $application = $controller->getCurrentApplication();
       if ($application) {
         $application_class = get_class($application);
         if ($application->getApplicationSearchDocumentTypes()) {
           $application_search_icon = $application->getIcon();
         }
 
         $help_items = $application->getHelpMenuItems($viewer);
         if ($help_items) {
           $help_list = id(new PhabricatorActionListView())
             ->setViewer($viewer);
           foreach ($help_items as $help_item) {
             $help_list->addAction($help_item);
           }
           $application_help = $help_list->getDropdownMenuMetadata();
         }
       }
     }
 
     return array(
       'title' => $this->getTitle(),
       'bodyClasses' => $this->getBodyClasses(),
       'aphlictDropdownData' => array(
         $dropdown_query->getNotificationData(),
         $dropdown_query->getConpherenceData(),
       ),
       'globalDragAndDrop' => $upload_enabled,
       'hisecWarningConfig' => $hisec_warning_config,
       'consoleConfig' => $console_config,
       'applicationClass' => $application_class,
       'applicationSearchIcon' => $application_search_icon,
       'helpItems' => $application_help,
     ) + $this->buildAphlictListenConfigData();
   }
 
   private function buildAphlictListenConfigData() {
     $user = $this->getRequest()->getUser();
     $subscriptions = $this->pageObjects;
     $subscriptions[] = $user->getPHID();
 
     return array(
       'pageObjects'   => array_fill_keys($this->pageObjects, true),
       'subscriptions' => $subscriptions,
     );
   }
 
   private function getQuicksandURIPatternBlacklist() {
     $applications = PhabricatorApplication::getAllApplications();
 
     $blacklist = array();
     foreach ($applications as $application) {
       $blacklist[] = $application->getQuicksandURIPatternBlacklist();
     }
 
     // See T4340. Currently, Phortune and Auth both require pulling in external
     // Javascript (for Stripe card management and Recaptcha, respectively).
     // This can put us in a position where the user loads a page with a
     // restrictive Content-Security-Policy, then uses Quicksand to navigate to
     // a page which needs to load external scripts. For now, just blacklist
     // these entire applications since we aren't giving up anything
     // significant by doing so.
 
     $blacklist[] = array(
       '/phortune/.*',
       '/auth/.*',
     );
 
     return array_mergev($blacklist);
   }
 
   private function getUserPreference($key, $default = null) {
     $request = $this->getRequest();
     if (!$request) {
       return $default;
     }
 
     $user = $request->getUser();
     if (!$user) {
       return $default;
     }
 
     return $user->getUserSetting($key);
   }
 
   public function produceAphrontResponse() {
     $controller = $this->getController();
 
     if (!$this->getApplicationMenu()) {
       $application_menu = $controller->buildApplicationMenu();
       if ($application_menu) {
         $this->setApplicationMenu($application_menu);
       }
     }
 
     $viewer = $this->getUser();
     if ($viewer && $viewer->getPHID()) {
       $object_phids = $this->pageObjects;
       foreach ($object_phids as $object_phid) {
         PhabricatorFeedStoryNotification::updateObjectNotificationViews(
           $viewer,
           $object_phid);
       }
     }
 
     if ($this->getRequest()->isQuicksand()) {
       $content = $this->renderForQuicksand();
       $response = id(new AphrontAjaxResponse())
         ->setContent($content);
     } else {
       $content = $this->render();
 
       $response = id(new AphrontWebpageResponse())
         ->setContent($content)
         ->setFrameable($this->getFrameable());
 
       $static = CelerityAPI::getStaticResourceResponse();
       foreach ($static->getContentSecurityPolicyURIMap() as $kind => $uris) {
         foreach ($uris as $uri) {
           $response->addContentSecurityPolicyURI($kind, $uri);
         }
       }
     }
 
     return $response;
   }
 
 }