Implement Content Security Policies throughout webapp

RESOLVED FIXED

Status

Socorro
Webapp
RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: peterbe, Assigned: peterbe)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Description

2 years ago
Created attachment 8795441 [details]
Screen Shot 2016-09-27 at 3.35.35 PM.png

See attached screenshot.

Updated

2 years ago
Assignee: nobody → peterbe

Comment 1

2 years ago
Commit pushed to master at https://github.com/mozilla/socorro

https://github.com/mozilla/socorro/commit/ec1fad50ca12c6fd8e9cbf906da1a5f3fe02b689
Bug 1305821 implement content security policies throughout webapp (#3622)

* fixes bug 1305821 - Implement Content Security Policies throughout webapp

* disallow eval, allow data: img

* Added telemetry exception to report/index.

* Upgraded select2 to version 3.5.4 to avoid CSP error with using onclick.

Comment 2

a year ago
I can't remember anymore why I didn't make this PR automatically close the bug. The CSP is now implemented and we get an A on The Observatory. 
If there's more work to do we can reopen.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED