Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

All: add Content-Security-Policy-Report-Only header to all wordpress sites #463

Merged
merged 7 commits into from
Sep 11, 2024
Merged

All: add Content-Security-Policy-Report-Only header to all wordpress sites #463

merged 7 commits into from
Sep 11, 2024

Conversation

timmywil
Copy link
Member

@timmywil timmywil commented Aug 19, 2024
edited
Loading

Ref jquery/infrastructure-puppet#54
Ref jquery/infrastructure-puppet#57

This adds a filter that the API sites can override to allow for inline scripts and styles only in API demos.

I'm thinking we can use this in combination with a header set in infrastructure-puppet for non-wordpress sites.

@timmywil timmywil requested a review from Krinkle August 19, 2024 16:42
timmywil
timmywil commented Aug 19, 2024
View reviewed changes
themes/jquery/functions.php Outdated Show resolved Hide resolved
timmywil
timmywil commented Aug 19, 2024
View reviewed changes
themes/jquery/functions.php Outdated Show resolved Hide resolved
timmywil
timmywil commented Aug 19, 2024
View reviewed changes
themes/jquery/header.php
<!doctype html>
<html class="no-js" <?php language_attributes(); ?>>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">

<title><?php
global $page, $paged;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was a carryover from the default Wordpress header.php, but these variables are not used.

Krinkle
Krinkle requested changes Aug 19, 2024
View reviewed changes
themes/jquery/functions.php Outdated Show resolved Hide resolved
themes/jquery/header.php Outdated Show resolved Hide resolved
@timmywil timmywil requested a review from Krinkle August 20, 2024 14:45
@timmywil timmywil mentioned this pull request Aug 20, 2024
Merged
Krinkle added a commit that referenced this pull request Aug 24, 2024
@Krinkle
All: Update typesense-minibar to 1.3.4 (CSP compliance)
9960ace 
Ref jquery/infrastructure-puppet#54.
Ref #463.
@timmywil timmywil mentioned this pull request Aug 24, 2024
Open
1 task
@Krinkle
Copy link
Member

Krinkle commented Aug 24, 2024
edited
Loading

@timmywil Should we limit this to a STAGING conditional at first? The headers hook function could return early when not.

@timmywil
Copy link
Member Author

@Krinkle Absolutely. I also didn't mean to set csp instead of the report header. Both are fixed now.

@timmywil timmywil merged commit 333228f into jquery:main Sep 11, 2024
5 checks passed
@timmywil timmywil deleted the csp branch September 11, 2024 13:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Krinkle Krinkle Krinkle approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timmywil @Krinkle