There's some info in this commit: https://github.com/mozilla/treeherder/commit/5b7209be2914fd1b1f5a3e5125b33c7b6d06b701 I think Ed wanted warnings + reporting to New Relic. I've found this: https://insights.newrelic.com/accounts/677903/explorer/events?eventType=CSP%20violation&duration=604800000&facet=referrer There's 18.7k font CSP violations in the last 7 days. I see "shortcut icon" using "data:"; is that related? What is the actual violation happening? I don't understand very well what's happening. In case we need help April King works for us. I saw this add-on recommended (not that I understand it): https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/ Not sure if we actually block anything: > Once this has been deployed to production, and we're happy that the policy is not too strict (ie blocking things we shouldn't be), we can switch it to being a full CSP header and not the report-only version, so it actually starts taking effect. We can also now taclke bug 1529862 since we don't use `react-select` anymore.
Bug 1636570 Comment 6 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
There's some info in this commit: https://github.com/mozilla/treeherder/commit/5b7209be2914fd1b1f5a3e5125b33c7b6d06b701 I think Ed wanted warnings + reporting to New Relic. I've found this: https://insights.newrelic.com/accounts/677903/explorer/events?eventType=CSP%20violation&duration=604800000&facet=referrer There's 18.7k font CSP violations in the last 7 days. I see "shortcut icon" using "data:"; is that related? What is the actual violation happening? I don't understand very well what's happening. In case we need help April King works for us. I saw this add-on recommended (not that I understand it): https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/ Not sure if we actually block anything: > Once this has been deployed to production, and we're happy that the policy is not too strict (ie blocking things we shouldn't be), we can switch it to being a full CSP header and not the report-only version, so it actually starts taking effect.