Brian Wolff has uploaded a new change for review. https://gerrit.wikimedia.org/r/306733
Change subject: Include favicon.ico in image CSP report-only header ...................................................................... Include favicon.ico in image CSP report-only header Chrome seems to check the CSP header before fetching favicon.ico, add it to the allowed list of image sources. Change-Id: I32bcfb446c81ec100d3f06a6efa2ba22e700e466 --- M templates/varnish/upload-frontend.inc.vcl.erb 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/33/306733/1 diff --git a/templates/varnish/upload-frontend.inc.vcl.erb b/templates/varnish/upload-frontend.inc.vcl.erb index 88b4c05..649bdc4 100644 --- a/templates/varnish/upload-frontend.inc.vcl.erb +++ b/templates/varnish/upload-frontend.inc.vcl.erb 
@@ -118,7 +118,7 @@ // Restrict uploads from loading external resources. (T117618) // Currently experimental and testing on test/test2/el.wikipedia.org only. if (req.url ~ "^/wikipedia/(el|test)") { - set resp.http.Content-Security-Policy-Report-Only = "default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data:; media-src data:; sandbox; report-uri https://test.wikipedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&"; + set resp.http.Content-Security-Policy-Report-Only = "default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src data: https://upload.wikimedia.org/favicon.ico; media-src data:; sandbox; report-uri https://test.wikipedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&"; set resp.http.X-Content-Security-Policy-Report-Only = resp.http.Content-Security-Policy-Report-Only; set resp.http.X-Webkit-CSP-Report-Only = resp.http.Content-Security-Policy-Report-Only; } -- To view, visit https://gerrit.wikimedia.org/r/306733 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I32bcfb446c81ec100d3f06a6efa2ba22e700e466 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Brian Wolff <bawolff...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
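Review bot: The new `https://upload.wikimedia.org/favicon.ico` source in `img-src` is not explained anywhere in the VCL. The comment above the `if` still only says "Restrict uploads from loading external resources. (T117618)", so a later reader tightening the policy has no way to know why a single image URL is allowed. Please add a comment line next to the header noting that Chrome checks the policy before fetching favicon.ico, as the commit message says. Separately, the same string is copied unchanged into `X-Content-Security-Policy-Report-Only` and `X-Webkit-CSP-Report-Only`. It is worth confirming how those prefixed implementations treat a source expression that carries a path, since one that ignores the path would match the whole host for images and one that rejects it would keep reporting the favicon.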