[Wikidata-bugs] [Maniphest] [Commented On] T238618: Adopt a CSP policy for query.wikidata.org

Sun, 24 Nov 2019 07:58:45 -0800 

Bawolff added a comment.


  So revised suggested CSP header:
  
  For everything except in the polestar directory:
  
    default-src 'self' data:; 
    style-src 'unsafe-inline' data: 'self';
    img-src data: 'self' upload.wikimedia.org commons.wikimedia.org;
    media-src data: 'self' upload.wikimedia.org commons.wikimedia.org;
    script-src 'report-sample' https://query.wikidata.org/js/ blob:; 
    connect-src meta.wikimedia.org/w/api.php www.wikidata.org/w/api.php 'self' 
query.wikidata.org;
    object-src 'none';
    report-uri 
https://www.wikidata.org/w/api.php?action=cspreport&format=none&source=wdqs
  
  For the polestar directory:
  
    default-src 'self' data:;
    style-src 'unsafe-inline' data: 'self';
    img-src data: 'self' upload.wikimedia.org commons.wikimedia.org;
    media-src data: 'self' upload.wikimedia.org commons.wikimedia.org;
    script-src 'report-sample' https://query.wikidata.org/polestar/scripts/ 
'unsafe-eval';
    object-src 'none';
    sandbox allow-scripts;
    report-uri 
https://www.wikidata.org/w/api.php?action=cspreport&format=none&source=wdqs-polestar
  
  This will cause the bookmark feature of polestar to be disabled (Is that 
acceptable?). It will also break the import data option, but that doesn't look 
like it works anyways, and isn't shown in the normal workflow.

TASK DETAIL
  https://phabricator.wikimedia.org/T238618

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Bawolff
Cc: Lucas_Werkmeister_WMDE, Aklapper, Bawolff, Hook696, Daryl-TTMG, 
RomaAmorRoma, 0010318400, E.S.A-Sheild, darthmon_wmde, Meekrab2012, 
joker88john, DannyS712, CucyNoiD, Nandana, NebulousIris, Gaboe420, Versusxo, 
Majesticalreaper22, Giuliamocci, Adrian1985, Cpaulf30, Lahi, Gq86, Af420, 
Darkminds3113, Bsandipan, Lordiis, GoranSMilovanovic, Adik2382, Th3d3v1ls, 
Ramalepe, Liugev6, QZanden, EBjune, merbst, LawExplorer, Salgo60, WSH1906, 
Lewizho99, Maathavan, _jensen, rosalieper, Scott_WUaS, Jonas, Xmlizer, jkroll, 
Smalyshev, Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, 
Lydia_Pintscher, Mbch331

_______________________________________________
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs

Reply via email to