Status

Socorro
Symbols
RESOLVED FIXED
2 months ago
2 months ago

People

(Reporter: peterbe, Assigned: peterbe)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

2 months ago
Some requests (in particular the frontend) are static assets going straight from Nginx disk back to the client. E.g. / serves the /index.html file.
That means we never go into Django where django_csp sets CSP headers.

Let's move all CSP setting to Nginx.
(Assignee)

Comment 1

2 months ago
I'll make a PR on https://github.com/mozilla-services/cloudops-deployment/blob/symbols/projects/symbols/puppet/modules/symbols/templates/http_symbols.conf.erb 
and I'll remove django_csp and its settings.
Assignee: nobody → peterbe
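
An added illustration of the change discussed above, not taken from this bug or from the cloudops-deployment template: setting CSP in Nginx so that files served from disk and proxied Django responses both carry it. The server name, paths, upstream address and policy string are assumed placeholders.

```nginx
# Constructed example. server_name, root, the /static/ and /api/ paths, the
# upstream address and the policy value are placeholders, not the values
# used by the symbols deployment.
server {
    listen 80;
    server_name symbols.example.test;
    root /srv/frontend/build;

    # Server level: applies to every location that defines no add_header of
    # its own. "always" also covers error responses (404, 500, ...), which
    # add_header skips by default.
    add_header Content-Security-Policy "default-src 'self'" always;

    # Static frontend: / is answered with /index.html straight from disk,
    # so the request never reaches Django.
    location / {
        try_files $uri /index.html;
    }

    # Inheritance caveat: as soon as a location declares any add_header,
    # it stops inheriting the server-level ones. The CSP line has to be
    # repeated here or these responses go out without a policy.
    location /static/ {
        add_header Cache-Control "public, max-age=31536000, immutable" always;
        add_header Content-Security-Policy "default-src 'self'" always;
    }

    # Proxied application responses.
    location /api/ {
        proxy_pass http://127.0.0.1:8000;
        # If the app still emits its own CSP (for example django_csp not
        # yet removed), drop it so clients receive exactly one policy.
        proxy_hide_header Content-Security-Policy;
    }
}
```

To check the result, request one static path and one proxied path with `curl -sI` and confirm each response has exactly one `Content-Security-Policy` header.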
(Assignee)

Comment 2

2 months ago
PR https://github.com/mozilla-services/cloudops-deployment/pull/1001
(Assignee)

Updated

2 months ago
Blocks: 1389194
(Assignee)

Comment 3

2 months ago
https://github.com/mozilla-services/cloudops-deployment/commit/489d23f4fa1ba7234e03d53c11c9276e9e494260
Status: NEW → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → FIXED
(Assignee)

Comment 4

2 months ago
Created attachment 8895990 [details]
Screen Shot 2017-08-10 at 4.21.38 PM.png

Yay!