Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Content-Security-Policy #1016

Merged
merged 10 commits into from
Feb 4, 2025
Merged

Update Content-Security-Policy #1016

Changes from 4 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
0e92afc
Update img-src CSP
maximilianoertel Jan 24, 2025
eaea389
Fix cloud functions host CSP
maximilianoertel Jan 24, 2025
04f9ecb
Update firebase.json
richford Jan 27, 2025
53ae8d8
Update firebase.json
richford Jan 27, 2025
a84b2fb
Merge branch 'main' into enh/692/update-csp
Emily-ejag Jan 30, 2025
33c4be8
increasing time for ci build
Emily-ejag Jan 30, 2025
fd4fef2
Merge branch 'main' into enh/692/update-csp
maximilianoertel Jan 31, 2025
f31895a
Add buckets to img-src and media-src CSP
maximilianoertel Jan 31, 2025
23ee74c
Merge branch 'main' into enh/692/update-csp
Emily-ejag Feb 3, 2025
1601b8f
Remove deprecatd roam-fluency bucket
maximilianoertel Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions firebase.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
"headers": [
{
"key": "Content-Security-Policy-Report-Only",
"value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com blob:; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://raw.githubusercontent.com/yeatmanlab/ https://us-central1-gse-roar-admin-dev.cloudfunctions.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.sentry.io; frame-src 'self' https://roar.education https://gse-roar-admin-dev.firebaseapp.com/ https://gse-roar-assessment-dev.firebaseapp.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'none'; report-uri https://o4505913837420544.ingest.us.sentry.io/api/4506820782129152/security/?sentry_key=f15e3ff866394e93e00514b42113d03d&sentry_environment=staging; report-to csp-endpoint"
"value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com blob:; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://storage.googleapis.com/roar-swr/ https://storage.googleapis.com/road-dashboard/ https://raw.githubusercontent.com/yeatmanlab/; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://raw.githubusercontent.com/yeatmanlab/ https://us-central1-gse-roar-admin-dev.cloudfunctions.net/ https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.sentry.io; frame-src 'self' https://roar.education https://gse-roar-admin-dev.firebaseapp.com/ https://gse-roar-assessment-dev.firebaseapp.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'none'; report-uri https://o4505913837420544.ingest.us.sentry.io/api/4506820782129152/security/?sentry_key=f15e3ff866394e93e00514b42113d03d&sentry_environment=staging; report-to csp-endpoint"
maximilianoertel marked this conversation as resolved.
Show resolved Hide resolved
},
{
"key": "Report-To",
Expand Down Expand Up @@ -74,7 +74,7 @@
"headers": [
{
"key": "Content-Security-Policy-Report-Only",
"value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com blob:; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://raw.githubusercontent.com/yeatmanlab/ https://us-central1-gse-roar-admin.cloudfunctions.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.sentry.io; frame-src 'self' https://roar.education https://gse-roar-admin.firebaseapp.com/ https://gse-roar-assessment.firebaseapp.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'none'; report-uri https://o4505913837420544.ingest.us.sentry.io/api/4506820782129152/security/?sentry_key=f15e3ff866394e93e00514b42113d03d&sentry_environment=production; report-to csp-endpoint"
"value": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://js.sentry-cdn.com blob:; style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://storage.googleapis.com/roar-swr/ https://storage.googleapis.com/road-dashboard/ https://raw.githubusercontent.com/yeatmanlab/; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://raw.githubusercontent.com/yeatmanlab/ https://us-central1-gse-roar-admin.cloudfunctions.net/ https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.sentry.io; frame-src 'self' https://roar.education https://gse-roar-admin.firebaseapp.com/ https://gse-roar-assessment.firebaseapp.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'none'; report-uri https://o4505913837420544.ingest.us.sentry.io/api/4506820782129152/security/?sentry_key=f15e3ff866394e93e00514b42113d03d&sentry_environment=production; report-to csp-endpoint"
},
{
"key": "Report-To",
Expand Down
Loading