874931 - [dev] Mozillians-dev is generating a large volume of CSP Violations

Status: VERIFIED FIXED

(Participation Infrastructure :: Phonebook, defect)

Description

[Matt Brandt [:mbrandt]]

Mozillians-dev is generating 100's of CSP violation emails, the typical culprits are:

Content Security Policy Violation Report

Request:
Blocked URI: https://www.mozilla.org/
Violation: default-src https://mozillians-dev.allizom.org:443
Request Headers:

----------------
Content Security Policy Violation Report

Request:
Blocked URI: https://mozorg.cdn.mozilla.net/
Violation: default-src https://mozillians-dev.allizom.org:443
Request Headers:

-----------------
Content Security Policy Violation Report

Request:
Blocked URI: https://www.mozilla.org/tabzilla/media/js/tabzilla.js
Violation: script-src https://mozillians-dev.allizom.org:443 https://mozorg.cdn.mozilla.net:443 http://www.google-analytics.com:80 https://ssl.google-analytics.com:443 https://www.google-analytics.com:443 https://browserid.org:443 https://login.persona.org:443
Request Headers:

----------------
Content Security Policy Violation Report

Request:
Blocked URI: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAABlBMVEX%2F%2F%2F9ISEhr7AOpAAAAAXRSTlMAQObYZgAAACVJREFUCNdjYEACHAIMMhYMdjUM8j8Y%2BD8wsD9gYD7AwNiArAQAd4oFaCu14IQAAAAASUVORK5CYII%3D
Violation: img-src https://mozillians-dev.allizom.org:443 https://mozorg.cdn.mozilla.net:443 http://www.google-analytics.com:80 https://ssl.google-analytics.com:443 http://www.gravatar.com:80 https://i1.wp.com:443 https://secure.gravatar.com:443
Request Headers:

Comment 1

[Andrei [:sancus]]

https://github.com/mozilla/mozillians/commit/dd2e2d8bf33b954c869070230a53b7d977bc0dfb

Comment 2

[Matt Brandt [:mbrandt]]

QA verified - dev is no longer sending out these violation emails