[Cashtab] Add CSP report only header
8808f0c06470
Actions

Description

[Cashtab] Add CSP report only header

Summary:
T3395

Adding a Content-Security-Policy-Report-Only header. This will return error msgs if anything about the CSP is breaking the app. Will deploy this first, check it out, then deploy CSP.

Would be nice to have a more strict CSP. We need these settings to support sideshift integration as as a script. Also, unsafe-inline is necessary for standard react app functionality (though I believe it's possible to get around this by changing the build script).

For now, any CSP is still better than none.

Test Plan:

cd web/cashtab
docker build -t cashtab_local .
docker run --rm -p 8080:80 --name cashtab cashtab_local

In another terminal,

curl -I http://localhost:8080

Can also deploy to netlify with these headers (need to follow their guide), then confirm you get no error log msgs

Note: Since this diff is only adding logs, there is no change as long as nginx.conf still passes nginx -t

Reviewers: #bitcoin_abc, PiRK

Reviewed By: #bitcoin_abc, PiRK

Differential Revision: https://reviews.bitcoinabc.org/D15106

Details

Provenance

bytesofman	Authored on Jan 5 2024, 23:11
bytesofman	Pushed on Jan 10 2024, 13:25

Reviewer

Restricted Project

Differential Revision

D15106: [Cashtab] Add CSP report only header

Parents

rABC3eeec844c263: [herald] Patch bug in unidentified miner

Branches

Unknown

Tags

Unknown

Event Timeline

bytesofman committed rABC8808f0c06470: [Cashtab] Add CSP report only header (authored by bytesofman).Jan 10 2024, 13:25

bytesofman added an edge: D15106: [Cashtab] Add CSP report only header.

Changes (1)

Path

Size

cashtab/

nginx.conf

rABC8808f0c06470

View Options