Fix Content-Security-Policy headers on "Email Login" page
c5772f51dea7
Actions

Description

Fix Content-Security-Policy headers on "Email Login" page

Summary:
In D20100, I changed this page from returning a newPage() with a dialog as its content to returning a more modern newDialog().

However, the magic to add stuff to the CSP header is actually only on the newPage() pathway today, so this accidentally dropped the extra "Content-Security-Policy" rule for Google.

Lift the magic up one level so both Dialog and Page responses hit it.

Test Plan:

Configured Recaptcha.
Between D20100 and this patch: got a CSP error on the Email Login page.
After this patch: clicked all the pictures of cars / store fronts.

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D20163

Details

Provenance

epriestley	Authored on Feb 13 2019, 11:25 PM
epriestley	Pushed on Feb 14 2019, 8:53 PM

Reviewer

amckinley

Differential Revision

D20163: Fix Content-Security-Policy headers on "Email Login" page

Parents

rP889eca1af94e: Allow a DAO object storage namespace to be forced to a particular value

Branches

Unknown

Tags

Unknown

Build Status

Buildable 22011
Build 30066: Run Core Tests

Event Timeline

epriestley committed rPc5772f51dea7: Fix Content-Security-Policy headers on "Email Login" page (authored by epriestley).Feb 14 2019, 8:53 PM

Harbormaster completed building B22011: rPc5772f51dea7: Fix Content-Security-Policy headers on "Email Login" page.Feb 14 2019, 8:55 PM

Changes (2)

Path

Size

src/

aphront/

sink/

AphrontHTTPSink.php

view/

page/

PhabricatorStandardPageView.php

rPc5772f51dea7

View Options

src/aphront/sink/AphrontHTTPSink.php