Re: Freeze Break Request: Content security policy on src.fp.o

On Wed, Aug 28, 2019 at 01:24:42PM +0200, Clement Verna wrote:

On Wed, 28 Aug 2019 at 13:15, Julen Landa Alustiza <[1]jlanda@fedoraproject.org> wrote:

 Good morning all!

 Due to pagure's new default content security policy src.fp.o users are
 getting a csp-error since the ui is trying to fetch a js file from
 apps.fp.o and the policy denies it.

 We need a configuration change on src.fp.o to modify the csp policy on
 src{.stg}.fp.o instances to allow clients to fetch js files from
 apps.fp.o

 I opened an issue on the tracker[0], but since we are on freeze now here
 goes the same patch for a FBR.

+1 it looks easy enough to rollback in case we need to :-)

Thanks!

Applied on git and on the servers :)

Pierre