You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by robertkowalski <gi...@git.apache.org> on 2015/09/03 16:06:13 UTC

[GitHub] couchdb-fauxton pull request: allow custom csp header

GitHub user robertkowalski opened a pull request:

    https://github.com/apache/couchdb-fauxton/pull/514

    allow custom csp header

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertkowalski/couchdb-fauxton csp-whitelist

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb-fauxton/pull/514.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #514
    
----
commit 8cc7125588cc6fc8c6a6f87a970e6c03aec722f1
Author: Robert Kowalski <ro...@apache.org>
Date:   2015-09-03T14:05:47Z

    allow custom csp header

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: allow custom csp header

Posted by benkeen <gi...@git.apache.org>.

Github user benkeen commented on the pull request:

    https://github.com/apache/couchdb-fauxton/pull/514#issuecomment-137490285
  
    Code is fine. Could I get some pointers on how to test this? 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: allow custom csp header

Posted by robertkowalski <gi...@git.apache.org>.

Github user robertkowalski closed the pull request at:

    https://github.com/apache/couchdb-fauxton/pull/514


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: allow custom csp header

Posted by robertkowalski <gi...@git.apache.org>.

Github user robertkowalski commented on the pull request:

    https://github.com/apache/couchdb-fauxton/pull/514#issuecomment-137496001
  
    in your settings.default.json, add this to couchserver above couchconfig:
    
     "contentSecurityPolicyHeader": "default-src 'self'; img-src 'self' font-src 'self'; script-src 'self' style-src 'self';",
    
    and you should get csp errors in the console as they are stricter than our default rules.
    
    ```diff
    diff --git a/settings.json.default b/settings.json.default
    index b44c98b..d34ad79 100644
    --- a/settings.json.default
    +++ b/settings.json.default
    @@ -61,7 +61,15 @@
             }
           }
         },
    -
    +    "couchserver": {
    +      "dist": "./dist/debug/",
    +      "port": 8000,
    +      "contentSecurityPolicy": true,
    +      "contentSecurityPolicyHeader": "default-src 'self'; img-src 'self' font-src 'self'; script-src 'self' style-src 'self';",
    +      "proxy": {
    +        "target": "http://localhost:5984"
    +      }
    +    },
         "couch_config": {
           "fauxton": {
             "db": "http://localhost:5984/fauxton",
    ```


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: allow custom csp header

Posted by robertkowalski <gi...@git.apache.org>.

Github user robertkowalski commented on the pull request:

    https://github.com/apache/couchdb-fauxton/pull/514#issuecomment-137517569
  
    merged as 1c8d86e75e32a36d98c627f7886d125a12693ac0


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: allow custom csp header

Posted by benkeen <gi...@git.apache.org>.

Github user benkeen commented on the pull request:

    https://github.com/apache/couchdb-fauxton/pull/514#issuecomment-137517377
  
    Looks good, thanks @robertkowalski! +1


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---