Brian Wolff has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/306733

Change subject: Include favicon.ico in image CSP report-only header
......................................................................

Include favicon.ico in image CSP report-only header

Chrome seems to check the CSP header before fetching favicon.ico;
add it to the allowed list of image sources.

Change-Id: I32bcfb446c81ec100d3f06a6efa2ba22e700e466
---
M templates/varnish/upload-frontend.inc.vcl.erb
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/33/306733/1

diff --git a/templates/varnish/upload-frontend.inc.vcl.erb 
b/templates/varnish/upload-frontend.inc.vcl.erb
index 88b4c05..649bdc4 100644
--- a/templates/varnish/upload-frontend.inc.vcl.erb
+++ b/templates/varnish/upload-frontend.inc.vcl.erb
@@ -118,7 +118,7 @@
        // Restrict uploads from loading external resources. (T117618)
        // Currently experimental and testing on test/test2/el.wikipedia.org 
only.
        if (req.url ~ "^/wikipedia/(el|test)") {
-               set resp.http.Content-Security-Policy-Report-Only = 
"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src 
data:; media-src data:; sandbox; report-uri 
https://test.wikipedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&";;
+               set resp.http.Content-Security-Policy-Report-Only = 
"default-src 'none'; style-src 'unsafe-inline' data:; font-src data:; img-src 
data: https://upload.wikimedia.org/favicon.ico; media-src data:; sandbox; 
report-uri 
https://test.wikipedia.org/w/api.php?reportonly=1&source=image&action=cspreport&format=json&";;
                set resp.http.X-Content-Security-Policy-Report-Only = 
resp.http.Content-Security-Policy-Report-Only;
                set resp.http.X-Webkit-CSP-Report-Only = 
resp.http.Content-Security-Policy-Report-Only;
        }
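
Review bot: the new img-src entry hard-codes https://upload.wikimedia.org/favicon.ico, but the reason for it is recorded only in the commit message. The comment above the `if` should say that the favicon is allowed because Chrome applies the policy to its favicon fetch, so that a later tightening of the policy does not drop the entry by accident. The source expression is tied to one scheme, host and path, so a favicon fetched for these files under any other hostname or over plain http would still be reported; if that is intended, it is worth stating in the same comment. Separately, and not introduced by this change, `sandbox` is ignored in a report-only policy, so this header gives no reports for what `sandbox` would block once the policy is enforced.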

-- 
To view, visit https://gerrit.wikimedia.org/r/306733
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I32bcfb446c81ec100d3f06a6efa2ba22e700e466
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
