Fix CSP #4250

chadwhitacre · 2016-12-22T16:00:17Z

We weren't careful enough in #4244 / #4247 and broke the site:

cc: @EdOverflow

EdOverflow · 2016-12-22T16:03:50Z

Whoops, I'll get straight on to that!

chadwhitacre · 2016-12-22T16:04:45Z

@EdOverflow Look into inline scripts, ya?

chadwhitacre · 2016-12-22T16:04:55Z

I fixed the font errors in 961ce59.

EdOverflow · 2016-12-22T16:05:41Z

Look into inline scripts, ya?

👍

chadwhitacre · 2016-12-22T16:05:53Z

I am rolling back in Heroku for now ...

EdOverflow · 2016-12-22T16:21:14Z

Sorry about that. :(

clone1018 · 2016-12-22T16:22:48Z

@EdOverflow Don't worry about it, that's the magic of Open Source!

chadwhitacre · 2016-12-22T16:44:19Z

gratipay/security/__init__.py

@@ -51,6 +51,7 @@ def add_headers_to_response(response):
                                                       'style-src assets.gratipay.com cloud.typography.com;'
                                                       'img-src *;'
                                                       'font-src assets.gratipay.com cloud.typography.com;'
+                                                       "script-src 'unsafe-inline'"


We're missing a semicolon at the end here, ya? Addressed in 75ce62f.

chadwhitacre · 2016-12-22T16:46:00Z

@EdOverflow You good with 75ce62f?

EdOverflow · 2016-12-22T16:48:38Z

OK, now it should work. Thanks @whit537! :)

chadwhitacre · 2016-12-22T16:56:17Z

@EdOverflow May I let you hit the big green "Merge pull request" button here on GitHub? :-)

EdOverflow · 2016-12-22T17:17:33Z

chadwhitacre added 2 commits December 22, 2016 10:58

Start branch fix-csp

4db78da

Pick off remaining style blip

5143b6d

Fix font & font css

961ce59

Add script-src 'unsafe-inline'

821eae2

Fold script-srcs together

75ce62f

chadwhitacre commented Dec 22, 2016

View reviewed changes

EdOverflow merged commit cce940b into master Dec 22, 2016

chadwhitacre deleted the fix-csp branch December 22, 2016 17:21

chadwhitacre mentioned this pull request Dec 22, 2016

Fix CSP again #4252

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix CSP #4250

Fix CSP #4250

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

clone1018 commented Dec 22, 2016

chadwhitacre Dec 22, 2016

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

Fix CSP #4250

Fix CSP #4250

Conversation

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

clone1018 commented Dec 22, 2016

chadwhitacre Dec 22, 2016

Choose a reason for hiding this comment

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016

chadwhitacre commented Dec 22, 2016

EdOverflow commented Dec 22, 2016