
blogs: add CSP report header to blog sites #72

Merged
timmywil merged 1 commit into jquery:staging from csp_blogs on Dec 15, 2024

Conversation

timmywil
Member

@timmywil timmywil commented Dec 14, 2024

Rather than making changes to the blog WordPress theme, I've added the CSP report header for the blog sites via nginx and the blogs yaml. Once the blog uses jquery-wp-content as its theme, we can drop this.

Ref #54
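As an added check that is not part of this PR or of the infrastructure-puppet repo, the Python below parses a `Reporting-Endpoints` value as the RFC 8941 dictionary of double-quoted strings that browsers require, and confirms that every `report-to` group named in the CSP header is declared there and that all report endpoints are https. The two header values are copied from this PR's nginx change (nginx emits exactly the text between its outer quotes); the function and message names are my own.

```python
import re
from typing import Dict, List, Optional

# Header values as emitted by the add_header lines in this PR (copied from the diff).
REPORTING_ENDPOINTS = "csp-endpoint='https://csp-report-api.openjs-foundation.workers.dev/'"
CSP_REPORT_ONLY = ("default-src 'self'; script-src 'self' code.jquery.com; "
                   "report-uri https://csp-report-api.openjs-foundation.workers.dev/; "
                   "report-to csp-endpoint")

# One RFC 8941 dictionary member whose value is an sf-string: key = "..." (backslash escapes only).
_MEMBER = re.compile(r'\s*([a-z*][a-z0-9_\-.*]*)\s*=\s*"((?:[^"\\]|\\.)*)"\s*(?:,|$)')


def parse_reporting_endpoints(value: str) -> Optional[Dict[str, str]]:
    """Parse Reporting-Endpoints as a dictionary of sf-strings.
    Returns None when the value does not parse; browsers then ignore the whole header."""
    endpoints: Dict[str, str] = {}
    pos = 0
    while pos < len(value):
        m = _MEMBER.match(value, pos)
        if not m:
            return None
        endpoints[m.group(1)] = m.group(2).replace('\\"', '"').replace('\\\\', '\\')
        pos = m.end()
    return endpoints or None


def csp_directives(policy: str) -> Dict[str, List[str]]:
    """Split a serialized CSP into {directive-name: [source values]}."""
    out: Dict[str, List[str]] = {}
    for token in policy.split(';'):
        parts = token.split()
        if parts:
            out[parts[0].lower()] = parts[1:]
    return out


def check_reporting(csp: str, reporting_endpoints: str) -> List[str]:
    """Return the problems a reviewer would flag in the reporting setup; [] when clean."""
    problems: List[str] = []
    directives = csp_directives(csp)
    endpoints = parse_reporting_endpoints(reporting_endpoints)
    if endpoints is None:
        problems.append("Reporting-Endpoints does not parse as a structured-field "
                        "dictionary of double-quoted strings; report-to will be ignored")
        endpoints = {}
    for group in directives.get('report-to', []):
        if group not in endpoints:
            problems.append(f"report-to group {group!r} has no Reporting-Endpoints entry")
    for url in list(directives.get('report-uri', [])) + list(endpoints.values()):
        if not url.startswith('https://'):
            problems.append(f"report endpoint {url!r} is not https")
    if 'report-uri' not in directives and 'report-to' not in directives:
        problems.append("policy has no reporting directive; violations will be invisible")
    return problems
```

Run against the PR's own values, `check_reporting(CSP_REPORT_ONLY, REPORTING_ENDPOINTS)` reports the single-quoted endpoint; with the URL in double quotes it returns an empty list.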

@timmywil timmywil requested a review from Krinkle December 14, 2024 20:55
@Krinkle
Member

Krinkle commented Dec 15, 2024

root@2075a567596f:/infrastructure-puppet# octocatalog-diff --environment production -n wpblogs-01.ops.jquery.net
…
I, [2024-12-15T15:04:27.846751 #4039]  INFO -- : Catalogs compiled for wpblogs-01.ops.jquery.net
I, [2024-12-15T15:04:27.898928 #4039]  INFO -- : Diffs computed for wpblogs-01.ops.jquery.net
  File[/etc/nginx/sites-available/default-tls] =>
   parameters =>
     content =>
      @@ -17,4 +17,8 @@
         server_tokens off;
      _
      +  # Add Content Security Policy headers
      +  add_header Reporting-Endpoints "csp-endpoint='https://csp-report-api.openjs-foundation.workers.dev/'";
      +  add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' code.jquery.com; report-uri https://csp-report-api.openjs-foundation.workers.dev/; report-to csp-endpoint" always;
      +
         location /.well-known/acme-challenge {
           root /var/www/letsencrypt/;
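Review bot: the `Reporting-Endpoints` value in the first added `add_header` line wraps the URL in single quotes, but that header is a Structured Field dictionary (RFC 8941) whose member values must be double-quoted strings, so browsers will fail to parse it and the `report-to csp-endpoint` in the policy will point at a group that was never declared; the `report-uri` directive still delivers reports, but the Reporting API path is dead. Flip the nginx quoting so the emitted value is double-quoted: `add_header Reporting-Endpoints 'csp-endpoint="https://csp-report-api.openjs-foundation.workers.dev/"';`.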
*******************************************
  Nginx::Site[default-tls] =>
   parameters =>
     content =>
      @@ -17,4 +17,8 @@
         server_tokens off;
      _
      +  # Add Content Security Policy headers
      +  add_header Reporting-Endpoints "csp-endpoint='https://csp-report-api.openjs-foundation.workers.dev/'";
      +  add_header Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' code.jquery.com; report-uri https://csp-report-api.openjs-foundation.workers.dev/; report-to csp-endpoint" always;
      +
         location /.well-known/acme-challenge {
           root /var/www/letsencrypt/;
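Review bot: the `Content-Security-Policy-Report-Only` line carries `always` but the `Reporting-Endpoints` line does not, so on 4xx/5xx responses nginx sends a policy whose `report-to csp-endpoint` names a group the response never declares; add `always` to both. Also worth confirming that the `location /.well-known/acme-challenge` block, and any other `location` in this file, defines no `add_header` of its own, since nginx then drops every inherited `add_header` for that location and the policy silently stops being sent there.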
*******************************************

@timmywil
Member Author

Indeed, that is the diff for blogs. And the diff for wp-04 and wp-05 is just an added newline.

root@12ca945fbadb:/infrastructure-puppet# octocatalog-diff --environment production -n wp-04.ops.jquery.net
I, [2024-12-15T15:42:53.162383 #3964]  INFO -- : Catalogs compiled for wp-04.ops.jquery.net
I, [2024-12-15T15:42:53.429824 #3964]  INFO -- : Diffs computed for wp-04.ops.jquery.net
  File[/etc/nginx/sites-available/default-tls] =>
   parameters =>
     content =>
      @@ -17,4 +17,5 @@
         server_tokens off;
      _
      +
         location /.well-known/acme-challenge {
           root /var/www/letsencrypt/;
*******************************************
  Nginx::Site[default-tls] =>
   parameters =>
     content =>
      @@ -17,4 +17,5 @@
         server_tokens off;
      _
      +
         location /.well-known/acme-challenge {
           root /var/www/letsencrypt/;
*******************************************

@timmywil timmywil merged commit 7019e41 into jquery:staging Dec 15, 2024
2 checks passed
@timmywil timmywil deleted the csp_blogs branch December 15, 2024 15:45
2 participants