Page MenuHomePhabricator

Make beta cluster CSP look identical to prod, except that it uses beta urls
Closed, ResolvedPublic

Description

See also discussion at T240960

Right now there is some differences between prod and beta CSP. Since beta should be testing for prod, we should minimize differences.

There is a question of: Do we put sources in CSP for prod wikis (So you can say load your enwiki gadget from prod). I'm not sure, but i think it makes the most sense for beta to be as much like prod as possible, in which case that means only allowing domains that are in the beta cluster.

Event Timeline

Bawolff created this task.Feb 24 2020, 10:47 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 24 2020, 10:47 AM

Change 574405 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[operations/mediawiki-config@master] Make Beta labs CSP settings be same as prod but with beta urls

https://gerrit.wikimedia.org/r/574405

Change 574405 merged by jenkins-bot:
[operations/mediawiki-config@master] Make Beta labs CSP settings be same as prod but with beta urls

https://gerrit.wikimedia.org/r/574405

Mentioned in SAL (#wikimedia-operations) [2020-02-25T00:21:54Z] <jforrester@deploy1001> Synchronized wmf-config/InitialiseSettings.php: T245983 Set wmgApprovedContentSecurityPolicyDomains (duration: 00m 57s)

Mentioned in SAL (#wikimedia-operations) [2020-02-25T00:23:18Z] <jforrester@deploy1001> Synchronized wmf-config/CommonSettings.php: T245983 Read wmgApprovedContentSecurityPolicyDomains for CSP (duration: 00m 56s)

Bawolff closed this task as Resolved.Mar 1 2020, 11:40 PM
Bawolff claimed this task.