[dev] Mozillians-dev is generating a large volume of CSP Violations

VERIFIED FIXED


People

(Reporter: mbrandt, Unassigned)

Details

(Whiteboard: [dev])

(Reporter)

Description

6 years ago
Mozillians-dev is generating hundreds of CSP violation emails; the typical culprits are:

Content Security Policy Violation Report

Request:
Blocked URI: https://www.mozilla.org/
Violation: default-src https://mozillians-dev.allizom.org:443
Request Headers:

----------------
Content Security Policy Violation Report

Request:
Blocked URI: https://mozorg.cdn.mozilla.net/
Violation: default-src https://mozillians-dev.allizom.org:443
Request Headers:

-----------------
Content Security Policy Violation Report

Request:
Blocked URI: https://www.mozilla.org/tabzilla/media/js/tabzilla.js
Violation: script-src https://mozillians-dev.allizom.org:443 https://mozorg.cdn.mozilla.net:443 http://www.google-analytics.com:80 https://ssl.google-analytics.com:443 https://www.google-analytics.com:443 https://browserid.org:443 https://login.persona.org:443
Request Headers:

----------------
Content Security Policy Violation Report

Request:
Blocked URI: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAABlBMVEX%2F%2F%2F9ISEhr7AOpAAAAAXRSTlMAQObYZgAAACVJREFUCNdjYEACHAIMMhYMdjUM8j8Y%2BD8wsD9gYD7AwNiArAQAd4oFaCu14IQAAAAASUVORK5CYII%3D
Violation: img-src https://mozillians-dev.allizom.org:443 https://mozorg.cdn.mozilla.net:443 http://www.google-analytics.com:80 https://ssl.google-analytics.com:443 http://www.gravatar.com:80 https://i1.wp.com:443 https://secure.gravatar.com:443
Request Headers:
https://github.com/mozilla/mozillians/commit/dd2e2d8bf33b954c869070230a53b7d977bc0dfb
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Reporter)

Comment 2

6 years ago
QA verified - dev is no longer sending out these violation emails
Status: RESOLVED → VERIFIED
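
When violation mail arrives at this volume, grouping the reports by the source each directive failed to allow shows which policy entries to review. The following is an added example, not code from the mozillians project or from this bug: the regular expression assumes the e-mail layout quoted in the description, the sample reports are constructed from it with shortened policy lists and a placeholder `data:` payload, and `source_for` and `missing_sources` are hypothetical helper names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REPORT_RE = re.compile(r"Blocked URI:\s*(\S+)\s+Violation:\s*([a-z-]+)[ \t]*([^\n]*)")

# Constructed sample in the e-mail layout shown in this bug; the data: payload
# is a shortened placeholder, not the image from the report.
SAMPLE = """\
Blocked URI: https://www.mozilla.org/
Violation: default-src https://mozillians-dev.allizom.org:443
----------------
Blocked URI: https://www.mozilla.org/tabzilla/media/js/tabzilla.js
Violation: script-src https://mozillians-dev.allizom.org:443 https://mozorg.cdn.mozilla.net:443
----------------
Blocked URI: https://mozorg.cdn.mozilla.net/
Violation: default-src https://mozillians-dev.allizom.org:443
----------------
Blocked URI: data:image/png;base64,AAAA
Violation: img-src https://mozillians-dev.allizom.org:443 https://secure.gravatar.com:443
----------------
Blocked URI: https://www.mozilla.org/
Violation: default-src https://mozillians-dev.allizom.org:443
"""

def source_for(uri):
    """Return the CSP source expression (scheme-source or origin) covering uri."""
    parts = urlsplit(uri)
    if parts.scheme not in DEFAULT_PORTS:
        return parts.scheme + ":"  # scheme-source, e.g. data:
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return f"{parts.scheme}://{parts.hostname}:{port}"

def missing_sources(text):
    """Count (directive, source) pairs the reported policy did not allow."""
    gaps = Counter()
    for uri, directive, sources in REPORT_RE.findall(text):
        # Normalise listed origins to explicit ports; keywords and
        # scheme-sources are compared as written. Wildcards are not expanded.
        allowed = {source_for(s) if "://" in s else s for s in sources.split()}
        needed = source_for(uri)
        if needed not in allowed:
            gaps[(directive, needed)] += 1
    return gaps

if __name__ == "__main__":
    for (directive, source), count in missing_sources(SAMPLE).most_common():
        print(f"{count:3d}  {directive:12s} {source}")
```

The output lists what the reported policy lacks, not what it should allow. Review each entry before adding it to a directive, since a scheme-source such as `data:` admits every URI of that scheme.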