Page MenuHomePhabricator
Create Task
Maniphest T218147

Allow app:// protocol in mobile-html CSP headers
Closed, ResolvedPublic
Actions

Description

From T217348#5002107:
The issue we're running into with the current implementation is that the x-content-security-policy header excludes custom schemes for script-src and style-src. Could they be updated to be less restrictive? The [iOS] app works with the app:// scheme URLs added:

...script-src app://meta.wikimedia.org  https://meta.wikimedia.org 'unsafe-inline'; style-src app://meta.wikimedia.org https://meta.wikimedia.org app://*.wikipedia.org https://*.wikipedia.org 'self' 'unsafe-inline';...

Details

SubjectRepoBranchLines +/-
Allow app:// protocol in mobile-html CSP headersmediawiki/services/mobileappsmaster+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

bearND created this task.Mar 12 2019, 7:33 PM
bearND triaged this task as Medium priority.Mar 12 2019, 7:47 PM
MSantos claimed this task.Mar 13 2019, 1:05 PM
MSantos updated the task description. (Show Details)Mar 13 2019, 3:18 PM
gerritbot added a comment.Mar 13 2019, 4:07 PM

Change 496191 had a related patch set uploaded (by MSantos; owner: MSantos):
[mediawiki/services/mobileapps@master] Allow app:// protocol in mobile-html CSP headers

https://gerrit.wikimedia.org/r/496191

gerritbot added a project: Patch-For-Review.Mar 13 2019, 4:07 PM
MSantos moved this task from To Do to Doing on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Mar 13 2019, 4:07 PM
gerritbot added a comment.Mar 13 2019, 6:08 PM

Change 496191 merged by jenkins-bot:
[mediawiki/services/mobileapps@master] Allow app:// protocol in mobile-html CSP headers

https://gerrit.wikimedia.org/r/496191

bearND moved this task from Doing to To Deploy on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Mar 13 2019, 6:38 PM
bearND moved this task from To Deploy to Sign off on the Product-Infrastructure-Team-Backlog-Deprecated (Kanban) board.Mar 13 2019, 8:28 PM
bearND added a comment.Mar 13 2019, 8:31 PM

Deployed a few minutes ago deploy/2019-03-13/5f8e4e61.

bearND added a parent task: T177433: Develop HTML Content API to be used with companion structured JSON APIs.Mar 15 2019, 7:47 PM
MSantos closed this task as Resolved.Apr 12 2019, 4:37 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL