Page MenuHomePhabricator
Create Task
Maniphest T277263

Enable CSP for mailman3
Closed, ResolvedPublic
Actions

Description

See https://wiki.archlinux.org/index.php/Hyperkitty#Content-Security-Policy_Header

Details

SubjectRepoBranchLines +/-
mailman3: Add Content-Security-Policy headeroperations/puppetproduction+2 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Legoktm created this task.Mar 12 2021, 5:54 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 12 2021, 5:54 AM
Maintenance_bot added a project: SRE.Mar 12 2021, 6:45 AM
Legoktm claimed this task.Mar 15 2021, 9:28 PM
Legoktm triaged this task as Medium priority.
Ladsgroup moved this task from Backlog to Mailman v3 on the Wikimedia-Mailing-lists board.Mar 25 2021, 5:31 AM
gerritbot added a comment.Mar 26 2021, 8:10 AM

Change 675073 had a related patch set uploaded (by Legoktm; author: Legoktm):
[operations/puppet@production] mailman3: Add Content-Security-Policy header

https://gerrit.wikimedia.org/r/675073

gerritbot added a project: Patch-For-Review.Mar 26 2021, 8:10 AM
gerritbot added a comment.Mar 26 2021, 8:21 PM

Change 675073 merged by Legoktm:
[operations/puppet@production] mailman3: Add Content-Security-Policy header

https://gerrit.wikimedia.org/r/675073

Legoktm closed this task as Resolved.Mar 26 2021, 8:25 PM
km@cashew ~> curl "https://lists-next.wikimedia.org/postorius/lists/" -I
HTTP/1.1 200 OK
Date: Fri, 26 Mar 2021 20:23:50 GMT
Server: Apache
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Content-Type: text/html; charset=utf-8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Frame-Options: DENY
Vary: Accept-Language,Cookie,Accept-Encoding
Content-Language: en
Content-Length: 7445
Backend-Timing: D=188919 t=1616790230695719
Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'

km@cashew ~> curl "https://lists-next.wikimedia.org/hyperkitty/" -I
HTTP/1.1 200 OK
Date: Fri, 26 Mar 2021 20:23:58 GMT
Server: Apache
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Content-Type: text/html; charset=utf-8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Frame-Options: DENY
Vary: Accept-Language,Cookie,Accept-Encoding
Content-Language: en
Content-Length: 25695
Backend-Timing: D=20106 t=1616790238758061
Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'

km@cashew ~> curl "https://lists-next.wikimedia.org/user-profile/" -I
HTTP/1.1 302 Found
Date: Fri, 26 Mar 2021 20:24:35 GMT
Server: Apache
Strict-Transport-Security: max-age=106384710; includeSubDomains; preload
Content-Type: text/html; charset=utf-8
Location: /accounts/login/?next=/user-profile/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Frame-Options: DENY
Vary: Accept-Language,Cookie
Content-Language: en
Backend-Timing: D=2724 t=1616790275502961
Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Maintenance_bot removed a project: Patch-For-Review.Mar 26 2021, 9:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL