@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Fix Content-Security-Policy headers on "Email Login" page

Summary:
In D20100, I changed this page from returning a `newPage()` with a dialog as its content to returning a more modern `newDialog()`.

However, the magic to add stuff to the CSP header is actually only on the `newPage()` pathway today, so this accidentally dropped the extra "Content-Security-Policy" rule for Google.

Lift the magic up one level so both Dialog and Page responses hit it.

Test Plan:
- Configured Recaptcha.
- Between D20100 and this patch: got a CSP error on the Email Login page.
- After this patch: clicked all the pictures of cars / store fronts.

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D20163

+11 -7
+11
src/aphront/sink/AphrontHTTPSink.php
··· 111 111 // HTTP headers. 112 112 $data = $response->getContentIterator(); 113 113 114 + // This isn't an exceptionally clean separation of concerns, but we need 115 + // to add CSP headers for all response types (including both web pages 116 + // and dialogs) and can't determine the correct CSP until after we render 117 + // the page (because page elements like Recaptcha may add CSP rules). 118 + $static = CelerityAPI::getStaticResourceResponse(); 119 + foreach ($static->getContentSecurityPolicyURIMap() as $kind => $uris) { 120 + foreach ($uris as $uri) { 121 + $response->addContentSecurityPolicyURI($kind, $uri); 122 + } 123 + } 124 + 114 125 $all_headers = array_merge( 115 126 $response->getHeaders(), 116 127 $response->getCacheHeaders());
-7
src/view/page/PhabricatorStandardPageView.php
··· 892 892 $response = id(new AphrontWebpageResponse()) 893 893 ->setContent($content) 894 894 ->setFrameable($this->getFrameable()); 895 - 896 - $static = CelerityAPI::getStaticResourceResponse(); 897 - foreach ($static->getContentSecurityPolicyURIMap() as $kind => $uris) { 898 - foreach ($uris as $uri) { 899 - $response->addContentSecurityPolicyURI($kind, $uri); 900 - } 901 - } 902 895 } 903 896 904 897 return $response;
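Review bot: in src/aphront/sink/AphrontHTTPSink.php the added loop calls `$response->addContentSecurityPolicyURI($kind, $uri)` on every response that reaches the sink, where the removed code only did so for an `AphrontWebpageResponse`. Please confirm that every response class accepts that call, and that responses which are neither pages nor dialogs are meant to carry the extra sources. The loop is also order-sensitive: it must run after rendering and before `$response->getHeaders()` is read in the `array_merge()` just below. The comment covers the first half, so add a sentence on the second half to protect the placement from a later refactor. The test plan is manual and covers only the Email Login dialog; an automated check that a dialog response ends up with the Recaptcha source in its CSP header would catch a repeat of the D20100 regression.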
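Review bot: in src/view/page/PhabricatorStandardPageView.php, with the loop after `->setFrameable($this->getFrameable());` removed, the `$response` returned here no longer carries the extra CSP URIs itself and only gets them once it passes through AphrontHTTPSink. Please confirm that no caller or test inspects the CSP on this response before the sink writes it. A one-line comment at this spot pointing to the sink would also keep a later change from re-adding the loop and running the same `addContentSecurityPolicyURI()` calls twice.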