Description
Details
Subject | Repo | Branch | Lines +/-
---|---|---|---
mailman3: Add Content-Security-Policy header | operations/puppet | production | +2 -0
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | Security | None | T181803 Stop storing Mailman passwords in plain text
Resolved | | None | T118641 Implement proper AAA for lists.wikimedia.org (mailman)
Resolved | | None | T190054 List archives on lists.wikimedia.org is not mobile friendly
Resolved | | None | T115329 "From" at start of line becomes ">From" in pipermail
Resolved | | None | T52864 Upgrade GNU Mailman from 2.1 to Mailman3
Resolved | | Legoktm | T277263 Enable CSP for mailman3
Event Timeline
Change 675073 had a related patch set uploaded (by Legoktm; author: Legoktm):
[operations/puppet@production] mailman3: Add Content-Security-Policy header
Change 675073 merged by Legoktm:
[operations/puppet@production] mailman3: Add Content-Security-Policy header
```
km@cashew ~> curl "https://lists-next.wikimedia.org/postorius/lists/" -I
HTTP/1.1 200 OK
Date: Fri, 26 Mar 2021 20:23:50 GMT
Server: Apache
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Content-Type: text/html; charset=utf-8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Frame-Options: DENY
Vary: Accept-Language,Cookie,Accept-Encoding
Content-Language: en
Content-Length: 7445
Backend-Timing: D=188919 t=1616790230695719
Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'

km@cashew ~> curl "https://lists-next.wikimedia.org/hyperkitty/" -I
HTTP/1.1 200 OK
Date: Fri, 26 Mar 2021 20:23:58 GMT
Server: Apache
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Content-Type: text/html; charset=utf-8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Frame-Options: DENY
Vary: Accept-Language,Cookie,Accept-Encoding
Content-Language: en
Content-Length: 25695
Backend-Timing: D=20106 t=1616790238758061
Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'

km@cashew ~> curl "https://lists-next.wikimedia.org/user-profile/" -I
HTTP/1.1 302 Found
Date: Fri, 26 Mar 2021 20:24:35 GMT
Server: Apache
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Content-Type: text/html; charset=utf-8
Location: /accounts/login/?next=/user-profile/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Frame-Options: DENY
Vary: Accept-Language,Cookie
Content-Language: en
Backend-Timing: D=2724 t=1616790275502961
Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
```
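The header check from the comment above, automated as an added example (not part of the original task or the Puppet change): it parses `curl -I` output, confirms that a Content-Security-Policy header is present, and lists the `'unsafe-*'` sources that `script-src` and `style-src` end up allowing. The function names and the `SAMPLE` text, which is constructed from the header values shown above, are assumptions.

```python
# SAMPLE is constructed: a shortened `curl -I` response using header values from the comment above.
SAMPLE = """HTTP/1.1 302 Found
Location: /accounts/login/?next=/user-profile/
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
"""

# Sources that relax the protection a script/style directive is meant to give.
RISKY = {"'unsafe-inline'", "'unsafe-eval'", "*"}


def get_header(raw, name):
    """Return the first header value for `name` (case-insensitive), or None."""
    for line in raw.splitlines()[1:]:  # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None


def parse_csp(value):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(raw):
    """Return a list of findings for one response; an empty list means nothing was flagged."""
    value = get_header(raw, "Content-Security-Policy")
    if value is None:
        return ["missing Content-Security-Policy header"]
    policy = parse_csp(value)
    findings = []
    for directive in ("script-src", "style-src"):
        # Fetch directives fall back to default-src when they are not set.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: unrestricted (no default-src)")
            continue
        findings += [f"{directive}: {s}" for s in sources if s.lower() in RISKY]
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running `audit` on each response, redirects included, gives a repeatable record of which relaxations the deployed policy still carries.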