Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(docs): Fix Content-Security-Policy (CSP) rules for website #4567

Merged
merged 1 commit into from
May 15, 2024
Merged

fix(docs): Fix Content-Security-Policy (CSP) rules for website #4567

merged 1 commit into from
May 15, 2024

Conversation

jippi
Copy link
Contributor

@jippi jippi commented May 15, 2024
edited
Loading

what

Fix Content-Security-Policy (CSP) errors on the new site.

  • Google Analytics work
  • Netlify "preview" iframe works
  • Google Tag Manager works
  • Algolia search works

Considering there are no auth or PII on the site, I wonder if it would be simpler to just not enforce CSP to begin with though 🤔

Preview site: https://deploy-preview-4567--runatlantis.netlify.app/

@jippi jippi requested review from a team as code owners May 15, 2024 11:55
@jippi jippi requested review from GenPage, lukemassa and X-Guardian and removed request for a team May 15, 2024 11:55
@jippi jippi force-pushed the fix-netlify-headers branch 10 times, most recently from 1ac20e8 to 2fd44b6 Compare May 15, 2024 12:41
@jippi jippi changed the title fix(docs): fix cors and csp fix(docs): Fix CSP May 15, 2024
@jippi jippi force-pushed the fix-netlify-headers branch 3 times, most recently from bb8d495 to fd614a5 Compare May 15, 2024 12:46
@jippi jippi changed the title fix(docs): Fix CSP fix(docs): Fix Content-Security-Policy (CSP) rules for website May 15, 2024
@jippi
Copy link
Contributor Author

jippi commented May 15, 2024

Considering there are no auth or PII on the site, I wonder if it would be simpler to just not enforce CSP to begin with though 🤔

@X-Guardian
Copy link
Contributor

It is done now, and it protects against malicious third party script injections.

@X-Guardian
Copy link
Contributor

Are you happy for me to merge?

@chenrui333 chenrui333 merged commit 602a30a into runatlantis:main May 15, 2024
25 checks passed
@jippi jippi deleted the fix-netlify-headers branch May 15, 2024 13:06
@chenrui333 chenrui333 mentioned this pull request May 15, 2024
Merged
@BrewTestBot BrewTestBot mentioned this pull request May 22, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenrui333 chenrui333 chenrui333 approved these changes

@X-Guardian X-Guardian X-Guardian approved these changes

@GenPage GenPage Awaiting requested review from GenPage GenPage is a code owner automatically assigned from runatlantis/maintainers

@lukemassa lukemassa Awaiting requested review from lukemassa lukemassa is a code owner automatically assigned from runatlantis/core-contributors

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jippi @X-Guardian @chenrui333