Closed Bug 1315303 Opened 9 years ago Closed 9 years ago

ATMO V2: remove CSP unsafe-inline script-src

Categories

(Cloud Services Graveyard :: Metrics: Pipeline, defect, P1)

Product:
Cloud Services Graveyard
Component:
Metrics: Pipeline
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: u581815, Assigned: jezdez)

References

Details

Attachments

(3 files)

0001-Move-inline-raven-script-to-separate-file.patch
1.78 KB, patch
jezdez
: review+
Details | Diff | Splinter Review
0002-remove-CSP-unsafe-inline-script-src.patch
601 bytes, patch
jezdez
: review+
Details | Diff | Splinter Review
[telemetry-analysis-service] mozilla:bug1315303 > mozilla:master
61 bytes, text/x-github-pull-request
Details | Review
Pulled out the raven install script jezdez as recommended here: https://github.com/mozilla-services/cloudsec/issues/119#issuecomment-258274734 As a simple smoke test with the patches below applied I: 1. set a non-empty Raven DSN in atmo/settings.py so raven install was included 2. ran "make clean static up" 3. loaded / 4. verified that there weren't any CSP errors in the browser console
Assignee: nobody → jezdez
Nothing sensitive here, so removing security flag.
Group: cloud-services-security
Status: NEW → ASSIGNED
Points: --- → 1
Priority: -- → P1
Attachment #8807616 - Flags: review+
Attachment #8807619 - Flags: review+
Thanks Greg, I've filed a PR in the GitHub project just for completeness sake. Cheers!
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Blocks: 1248688
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: