Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/08/23 06:35:06 UTC
[GitHub] [apisix-dashboard] nthsky opened a new pull request, #2601: fix: change default CSP value
nthsky opened a new pull request, #2601:
URL: https://github.com/apache/apisix-dashboard/pull/2601
**Why submit this pull request?**
- Bugfix
**What changes will this PR take into?**
It changes the dashboard's default CSP: it adds `unsafe-inline` to `script-src` and adds `img-src`.
The current default CSP policy is
```
"default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
```
**Problems:**
1. script-src without "unsafe-inline" causes an error like this:
```
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-9B0adsvsNyel0bNudomHjhrSk758zuql+j59Udq5xCo='), or a nonce ('nonce-...') is required to enable inline execution.
```
2. Having no img-src means the plugin page, where plugins without an icon use a base64 img, cannot show correctly.
**Changes:**
Afterwards, the default CSP changes to
```
"default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
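The effect of the two policies quoted in this pull request, as an added example that is not part of the pull request or the project's code: it evaluates inline-script and `data:` image behaviour under each policy, lists what the new default additionally permits, and models the hash alternative named in the browser error. All function names, `SAMPLE_INLINE` and `HASHED_CSP` are hypothetical, constructed for illustration.

```javascript
const crypto = require('crypto');
// The two policies quoted in the pull request description.
const OLD_CSP = "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
const NEW_CSP = "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:";

// Parse a policy into Map<directive, sources[]>; a repeated directive is ignored.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Source list governing a fetch directive, falling back to default-src (null = unrestricted).
function effectiveSources(policy, directive) {
  const d = parseCsp(policy);
  return d.get(directive) ?? d.get('default-src') ?? null;
}
// Hash source expression for an inline script body, the form named in the browser error.
const sha256Source = (body) => `'sha256-${crypto.createHash('sha256').update(body, 'utf8').digest('base64')}'`;

// Would an inline <script> with this body execute? Nonce matching is not modelled.
function allowsInlineScript(policy, body) {
  const sources = effectiveSources(policy, 'script-src');
  if (sources === null || sources.includes(sha256Source(body))) return true;
  // 'unsafe-inline' is ignored once any hash or nonce source is present.
  const hasHashOrNonce = sources.some((s) => /^'(sha(256|384|512)|nonce)-/i.test(s));
  return sources.includes("'unsafe-inline'") && !hasHashOrNonce;
}
// Would an <img src="data:..."> load? Only an explicit data: scheme source allows it.
function allowsDataImage(policy) {
  const sources = effectiveSources(policy, 'img-src');
  return sources === null || sources.includes('data:');
}

// Sources the new policy permits that the old effective policy did not.
function addedSources(oldPolicy, newPolicy) {
  const added = [];
  for (const [name, sources] of parseCsp(newPolicy)) {
    const before = effectiveSources(oldPolicy, name) ?? sources;
    for (const s of sources) if (!before.includes(s)) added.push(`${name} ${s}`);
  }
  return added;
}
// Constructed sample: the old policy plus a hash for one known inline script.
const SAMPLE_INLINE = "window.constructedBoot = true;";
const HASHED_CSP = OLD_CSP.replace("'unsafe-eval'", `'unsafe-eval' ${sha256Source(SAMPLE_INLINE)}`);
```

`addedSources(OLD_CSP, NEW_CSP)` reports `script-src 'unsafe-inline'` and `img-src data:`, while `HASHED_CSP` lets only the one hashed inline script run and still refuses any other inline body.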
[GitHub] [apisix-dashboard] bzp2010 commented on pull request #2601: fix: change default CSP value
Posted by GitBox <gi...@apache.org>.
bzp2010 commented on PR #2601:
URL: https://github.com/apache/apisix-dashboard/pull/2601#issuecomment-1304990293
Thanks for your contribution.
[GitHub] [apisix-dashboard] juzhiyuan merged pull request #2601: fix: change default CSP value
Posted by GitBox <gi...@apache.org>.
juzhiyuan merged PR #2601:
URL: https://github.com/apache/apisix-dashboard/pull/2601
[GitHub] [apisix-dashboard] codecov-commenter commented on pull request #2601: fix: change default CSP value
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on PR #2601:
URL: https://github.com/apache/apisix-dashboard/pull/2601#issuecomment-1223643401
# [Codecov](https://codecov.io/gh/apache/apisix-dashboard/pull/2601?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#2601](https://codecov.io/gh/apache/apisix-dashboard/pull/2601?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (e0c3e70) into [master](https://codecov.io/gh/apache/apisix-dashboard/commit/a15fe353e5018cd5f9c8b3fbe31e5795d92eb8b1?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (a15fe35) will **decrease** coverage by `9.45%`.
> The diff coverage is `n/a`.
```diff
@@ Coverage Diff @@
## master #2601 +/- ##
==========================================
- Coverage 76.08% 66.63% -9.46%
==========================================
Files 136 36 -100
Lines 3601 956 -2645
Branches 868 265 -603
==========================================
- Hits 2740 637 -2103
+ Misses 861 319 -542
```
| Flag | Coverage Δ | |
|---|---|---|
| frontend-e2e-test | `66.63% <ø> (-9.46%)` | :arrow_down: |
Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#carryforward-flags-in-the-pull-request-comment) to find out more.
| [Impacted Files](https://codecov.io/gh/apache/apisix-dashboard/pull/2601?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [web/src/helpers.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9oZWxwZXJzLnRzeA==) | `29.50% <0.00%> (-47.55%)` | :arrow_down: |
| [web/src/components/RightContent/AvatarDropdown.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1JpZ2h0Q29udGVudC9BdmF0YXJEcm9wZG93bi50c3g=) | `50.00% <0.00%> (-32.15%)` | :arrow_down: |
| [web/src/components/PanelSection/index.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1BhbmVsU2VjdGlvbi9pbmRleC50c3g=) | `75.00% <0.00%> (-25.00%)` | :arrow_down: |
| [web/src/pages/Consumer/List.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9wYWdlcy9Db25zdW1lci9MaXN0LnRzeA==) | `69.44% <0.00%> (-22.23%)` | :arrow_down: |
| [...b/src/components/Plugin/UI/referer-restriction.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1BsdWdpbi9VSS9yZWZlcmVyLXJlc3RyaWN0aW9uLnRzeA==) | `69.69% <0.00%> (-21.22%)` | :arrow_down: |
| [web/src/components/Plugin/PluginPage.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1BsdWdpbi9QbHVnaW5QYWdlLnRzeA==) | `82.00% <0.00%> (-17.00%)` | :arrow_down: |
| [web/src/components/ActionBar/ActionBar.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL0FjdGlvbkJhci9BY3Rpb25CYXIudHN4) | `69.23% <0.00%> (-15.39%)` | :arrow_down: |
| [web/src/components/Plugin/PluginDetail.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1BsdWdpbi9QbHVnaW5EZXRhaWwudHN4) | `63.68% <0.00%> (-11.18%)` | :arrow_down: |
| [web/src/components/Plugin/UI/cors.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1BsdWdpbi9VSS9jb3JzLnRzeA==) | `71.11% <0.00%> (-11.12%)` | :arrow_down: |
| [web/src/components/RawDataEditor/RawDataEditor.tsx](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-d2ViL3NyYy9jb21wb25lbnRzL1Jhd0RhdGFFZGl0b3IvUmF3RGF0YUVkaXRvci50c3g=) | `28.57% <0.00%> (-10.39%)` | :arrow_down: |
| ... and [106 more](https://codecov.io/gh/apache/apisix-dashboard/pull/2601/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | |