Merge pull request #6962 from topcoder-platform/develop

PROD-4429 CSP Headers update & PS-192
topcoder-platform · Jan 29, 2024 · 33340ee · 33340ee
2 parents 270777a + 2299853
commit 33340ee
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 20 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -357,8 +357,8 @@ workflows:
           filters:
             branches:
               only:
-                - remove_submission_review
-                - CORE-107
+                - develop
+                - PROD-4429
       # This is alternate dev env for parallel testing
       # Deprecate this workflow due to beta env shutdown
       # https://topcoder.atlassian.net/browse/CORE-251

diff --git a/config/default.js b/config/default.js
@@ -478,4 +478,5 @@ module.exports = {
   MEMBER_SEARCH_REDIRECT_URL: 'https://talent-search.topcoder-dev.com',
   ACCOUNT_SETTINGS_REDIRECT_URL: 'https://account-settings.topcoder-dev.com',
   INNOVATION_CHALLENGES_TAG: 'Innovation Challenge',
+  PLATFORM_SITE_URL: 'https://platform.topcoder-dev.com',
 };
diff --git a/src/server/index.js b/src/server/index.js
@@ -152,15 +152,17 @@ async function onExpressJsSetup(server) {
           + ' https://www.google-analytics.com'
           + ' https://43d132d5dbff47c59d9d53ad448f93c2.js.ubembed.com'
           + ' https://assets.ubembed.com'
-          + ' https://browser.sentry-cdn.com'
           + ' https://cdn.heapanalytics.com'
           + ' https://cdn.segment.com'
           + ' https://connect.facebook.net'
           + ' https://d1of0acg2orgco.cloudfront.net'
           + ' https://d1mwkvp2xbqfs9.cloudfront.net'
           + ' https://d24oibycet9bsb.cloudfront.net'
-          + ' https://fast.trychameleon.com'
           + ' https://static.zdassets.com'
+          + ' https://uni-nav.topcoder-dev.com'
+          + ' https://uni-nav.topcoder.com'
+          + ' https://js.hs-analytics.net'
+          + ' https://cdn-3.convertexperiments.com'
           + ' https://www.googletagmanager.com;'
         + " style-src 'report-sample' 'self' 'unsafe-inline'"
           + ` ${config.CDN.PUBLIC}`
@@ -180,8 +182,8 @@ async function onExpressJsSetup(server) {
           + ' https://api.segment.io'
           + ' https://cdn.segment.com'
           + ' https://ekr.zdassets.com'
-          + ' https://fast.trychameleon.com'
           + ' https://stats.g.doubleclick.net'
+          + ' https://region1.analytics.google.com'
           + ' https://www.google-analytics.com;'
         + " font-src 'self'"
           + ' data:'
@@ -211,10 +213,11 @@ async function onExpressJsSetup(server) {
           + ' https://www.googletagmanager.com'
           + ' https://i.ytimg.com'
           + ' https://images.contentful.com'
+          + ' https://member-media.topcoder-dev.com'
+          + ' https://member-media.topcoder.com'
           + ' https://d0.awsstatic.com/logos/;'
         + " manifest-src 'self';"
         + " media-src 'self';"
-        + ' report-uri https://623d4c23f90d055298b24042.endpoint.csper.io/?v=0;'
         + " worker-src 'self';",
       );
     }

diff --git a/src/shared/components/SubmissionPage/Submit/index.jsx b/src/shared/components/SubmissionPage/Submit/index.jsx
@@ -282,34 +282,41 @@ class Submit extends React.Component {
             </div>
             <hr styleName="hr" />
             <div styleName="row agree">
-              <p>
-                Submitting your files means you hereby agree to the
-                &zwnj;
-                {
-                  isChallengeBelongToTopgearGroup ? (
+              &zwnj;
+              {
+                isChallengeBelongToTopgearGroup ? (
+                  <p>
+                    Submitting your link means you hereby agree to the&nbsp;
                     <a
                       href={config.URL.INFO.TOPGEAR_TERMS}
                       rel="noreferrer noopener"
                       target="_blank"
                     >
                       TopGear terms and conditions
                     </a>
-                  ) : (
+                    &nbsp;and to the extent your submission wins a TopGear challenge,
+                    you hereby agree to assign, grant, and transfer to TopGear all right
+                    and title to the Winning Submission.
+                  </p>
+                ) : (
+                  <p>
+                    Submitting your files means you hereby agree to the&nbsp;
                     <a
                       href={config.URL.INFO.TOPCODER_TERMS}
                       rel="noreferrer noopener"
                       target="_blank"
                     >
                       Topcoder terms of use
                     </a>
-                  )
-                }
-                &zwnj;
-                and to the extent your uploaded file wins a topcoder Competition,
-                you hereby assign, grant and transfer and agree to assign, grant and
-                transfer to topcoder all right and title in and to the Winning Submission
-                (as further described in the terms of use).
-              </p>
+                    &nbsp;and to the extent your uploaded file wins a topcoder Competition,
+                    you hereby assign, grant and transfer and agree to assign, grant and
+                    transfer to topcoder all right and title in and to the Winning Submission
+                    (as further described in the terms of use).
+                  </p>
+                )
+              }
+              &zwnj;
+              <p />
               <div styleName="tc-checkbox">
                 <input
                   type="checkbox"