HomePhabricator
Diffusion Wikimedia Puppet 67a56304bf64

Add CSP headers for doc.wikimedia.org
67a56304bf64
Actions

Description

Add CSP headers for doc.wikimedia.org

The domain hosts static assets generated from source code, namely
documentation. Add some Content-Security-Policy headers to restrict what
is accessible to browsers.

The Content-Security-Policy content has been proposed by @Bawolff and
would certainly cause some havoc here and there. But we get the reports
logged and would then be able to finely tune it for our purpose.

Since the header value is rather long, split it using backslashes, as
explained in Apache 2.4 configuration:
https://httpd.apache.org/docs/2.4/configuring.html#syntax

Hosts: doc1001.eqiad.wmnet

Bug: T213223
Change-Id: Iad6a4f52579c1f2b8b0f780b73b3bd1b7a29b0fc

Details

Provenance
DzahnAuthored on Sep 11 2019, 5:14 PM
Parents
rOPUP916f8e8418ee: Remove eventbus LVS hiera entries
Branches
Unknown
Tags
Unknown
ChangeId
Iad6a4f52579c1f2b8b0f780b73b3bd1b7a29b0fc

Changes (1)

PathSize
modules/
profile/
templates/
doc/

rOPUP67a56304bf64

View Options

modules/profile/templates/doc/httpd-doc.wikimedia.org.erb

Loading...
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL