Closed
Bug 990246
Opened 11 years ago
Closed 11 years ago
CSP notices on stage
Categories
(Marketplace Graveyard :: Integration, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: clouserw, Assigned: clouserw)
Details
From bug 989085:
Content Security Policy: The page's settings blocked the loading of a resource at https://marketplace-cdn.allizom.org/api/v1/rocketfuel/collections/381/image.png?e5c80b2-533612de ("img-src https://marketplace.allizom.org:443 http://web20.stage.addons.phx1.mozilla.com:80 https://ssl.google-analytics.com:443 https://www.google-analytics.com:443 https://*.newrelic.com:443 data://*:* https://marketplace-stage.cdn.mozilla.net:443").
Content Security Policy: The page's settings blocked the loading of a resource at https://marketplace-stage.cdn.mozilla.net/api/v1/fireplace/search/featured/?cache=1&cat=business&lang=en-US&region=restofworld&vary=0 ("default-src https://marketplace.allizom.org:443").
Assignee
Comment 1•11 years ago
All our CSP settings are at https://github.com/mozilla/zamboni/blob/master/lib/settings_base.py#L1255
This is talking about the CSP_IMG_SRC at least, and I'm not sure what the second one is (default-src isn't a thing, afaik). I don't see it in the policy either (https://marketplace.allizom.org/services/csp/policy). Anyway, ?oremj because I don't know if we should be adding the new CDNs to this whitelist or if they are temporary or what. Can you tell me what to add/remove from the link above? Thanks.
Flags: needinfo?(oremj)
Assignee
Comment 3•11 years ago
The only other one I see is:
[JavaScript Warning: "Content Security Policy: The page's settings blocked the loading of a resource at https://marketplace-stage.cdn.mozilla.net/media/fireplace/fonts/FiraSans/firasansot-medium-webfont.woff?1396465215731 ("font-src https://marketplace.allizom.org:443 https://fonts.mozilla.org:443 https://www.mozilla.org:443")."]
Should I adjust the policy to include marketplace-stage.cdn.m.n?
Comment 4•11 years ago
Yes please.
Assignee
Comment 5•11 years ago
These are all adjusted (and honestly, greatly relaxed).
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
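
The question settled in comments 3 to 5 (which host to add to which directive) can be read mechanically from the notices themselves. The following is an added example, not code from zamboni or from anyone in this bug: it parses Firefox CSP notices like those quoted above, applies a simplified host-source match (scheme, host with a leading `*.` wildcard, port), and reports per directive the origin that is missing. Function names are hypothetical, and the sample notices are the ones from this bug with query strings dropped.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: the three notices quoted in this bug, query strings dropped.
NOTICES = """
Content Security Policy: The page's settings blocked the loading of a resource at https://marketplace-cdn.allizom.org/api/v1/rocketfuel/collections/381/image.png ("img-src https://marketplace.allizom.org:443 http://web20.stage.addons.phx1.mozilla.com:80 https://ssl.google-analytics.com:443 https://www.google-analytics.com:443 https://*.newrelic.com:443 data://*:* https://marketplace-stage.cdn.mozilla.net:443").
Content Security Policy: The page's settings blocked the loading of a resource at https://marketplace-stage.cdn.mozilla.net/api/v1/fireplace/search/featured/ ("default-src https://marketplace.allizom.org:443").
Content Security Policy: The page's settings blocked the loading of a resource at https://marketplace-stage.cdn.mozilla.net/media/fireplace/fonts/FiraSans/firasansot-medium-webfont.woff ("font-src https://marketplace.allizom.org:443 https://fonts.mozilla.org:443 https://www.mozilla.org:443").
""".splitlines()

# Captures: blocked URL, violated directive, and that directive's source list.
NOTICE_RE = re.compile(r'resource at (\S+) \("([a-z-]+) ([^"]*)"\)')
SOURCE_RE = re.compile(
    r"^(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<host>[^:/]+)(?::(?P<port>\d+|\*))?$")
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Return (scheme, host, effective port) for a blocked URL."""
    u = urlsplit(url)
    return u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme)

def source_allows(source, url):
    """Simplified CSP host-source match; keywords like 'self' are not handled."""
    m = SOURCE_RE.match(source)
    scheme, host, port = origin_of(url)
    if not m or m["scheme"] != scheme:
        return False
    pat = m["host"].lower()
    # "*.example.com" covers subdomains only, never the bare domain.
    host_ok = pat == "*" or (host.endswith(pat[1:]) if pat.startswith("*.") else host == pat)
    want = m["port"] or DEFAULT_PORTS.get(scheme)
    return host_ok and (want == "*" or str(want) == str(port))

def missing_sources(notices):
    """Map each violated directive to the origins its source list lacks."""
    needed = defaultdict(set)
    for line in notices:
        m = NOTICE_RE.search(line)
        if not m:
            continue  # not a CSP notice in the expected format
        url, directive, sources = m.group(1), m.group(2), m.group(3).split()
        if not any(source_allows(s, url) for s in sources):
            scheme, host, _ = origin_of(url)
            needed[directive].add(f"{scheme}://{host}")
    return {d: sorted(v) for d, v in needed.items()}

if __name__ == "__main__":
    for directive, origins in missing_sources(NOTICES).items():
        print(directive, "needs", ", ".join(origins))
```

Adding only the reported origin to the named directive keeps each source list as narrow as the notices require.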