indygreg created this revision. Herald added a subscriber: mercurial-devel. Herald added a reviewer: hg-reviewers.
REVISION SUMMARY A side-effect of https://phab.mercurial-scm.org/rHG98baf8dea553430c8093c244dbad8d79f4a23f88 was that the Content-Security-Policy header was set on all HTTP responses by default. This header wasn't in our list of allowed headers for HTTP 304 responses. This would trigger a ProgrammingError when a 304 response was issued via hgwebdir. This commit adds Content-Security-Policy to the allow list of headers for 304 responses so we no longer encounter the error. REPOSITORY rHG Mercurial REVISION DETAIL https://phab.mercurial-scm.org/D3436 AFFECTED FILES mercurial/hgweb/request.py tests/test-hgweb-csp.t CHANGE DETAILS diff --git a/tests/test-hgweb-csp.t b/tests/test-hgweb-csp.t --- a/tests/test-hgweb-csp.t +++ b/tests/test-hgweb-csp.t @@ -57,8 +57,8 @@ $ get-with-headers.py --twice --headeronly localhost:$HGPORT repo1/static/style.css content-security-policy 200 Script output follows content-security-policy: script-src https://example.com/ 'unsafe-inline' - 500 Internal Server Error - [1] + 304 Not Modified + content-security-policy: script-src https://example.com/ 'unsafe-inline' repo page should send CSP by default, include etag w/o nonce diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py --- a/mercurial/hgweb/request.py +++ b/mercurial/hgweb/request.py @@ -473,6 +473,7 @@ if k.lower() not in ('date', 'etag', 'expires', 'cache-control', 'content-location', + 'content-security-policy', 'vary')} if badheaders: raise error.ProgrammingError( To: indygreg, #hg-reviewers Cc: mercurial-devel _______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
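Review bot: In the tests/test-hgweb-csp.t hunk, the new `304 Not Modified` expectation is exercised only for `repo1/static/style.css`, with the `script-src https://example.com/ 'unsafe-inline'` policy, while the summary describes the ProgrammingError as being hit through hgwebdir with the header set on all responses by default. Consider adding a second `--twice --headeronly` request that goes through the default-policy case, so the 304 path is covered there too and a future default header missing from the allow list fails this test instead of surfacing as a 500.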
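Review bot: In the mercurial/hgweb/request.py hunk, `'content-security-policy'` is added to the tuple without a comment, and it is the only entry that is not cache or validation metadata like `'etag'`, `'expires'` and `'cache-control'`. A short comment saying it is allowed because the header is now set on every response by default would explain why it belongs in the list. Since the check still ends in `raise error.ProgrammingError(`, any other header that later becomes a default will reproduce the same 500, so it is worth noting next to the tuple that new default headers must be added here as well.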