Closed
Bug 1388808
Opened 7 years ago
Closed 7 years ago
Set CSP headers in Nginx
Categories
(Socorro :: Symbols, task)
Socorro
Symbols
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: peterbe, Assigned: peterbe)
References
Details
Attachments
(1 file)
1.18 MB,
image/png
|
Details |
Some requests (in particular the frontend) are static assets going straight from Nginx disk back to the client. E.g. / serves the /index.html file. That means we never go into Django where django_csp sets CSP headers. Let's move all CSP setting to Nginx.
Assignee | ||
Comment 1•7 years ago
|
||
I'll make a PR on https://github.com/mozilla-services/cloudops-deployment/blob/symbols/projects/symbols/puppet/modules/symbols/templates/http_symbols.conf.erb and I'll remove django_csp and its settings.
Assignee: nobody → peterbe
Assignee | ||
Comment 2•7 years ago
|
||
PR https://github.com/mozilla-services/cloudops-deployment/pull/1001
Assignee | ||
Comment 3•7 years ago
|
||
https://github.com/mozilla-services/cloudops-deployment/commit/489d23f4fa1ba7234e03d53c11c9276e9e494260
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 4•7 years ago
|
||
Yay!
You need to log in
before you can comment on or make changes to this bug.
Description
•