[#707] Bug in building metadata validation service #708
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implement build process to create images that cannot be pulled from external repositories when deploying the stack. The modification in the Makefile sets up the build command to prevent pulling images externally during the deployment process. By adding the `--build` flag in the `docker-compose` command, it ensures that images are only built locally and not fetched from external sources. This aligns with the requirement to restrict access to the metadata validation service, ensuring that only localhost is used for accessing resources, thus strengthening security measures.
In response to the user story requiring the metadata validation service to be accessible only from localhost for security reasons, this commit includes a modification to the CSP (Content Security Policy) directive in the docker-compose.yml file. The change specifically adds 'https://www.googletagmanager.com' to the img-src directive, ensuring that resources from Google Tag Manager are permitted in the service. This adjustment enhances security measures by properly configuring the CSP policy to allow resources only from specified sources.
MSzalowski
approved these changes
Apr 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #707.
This pull request addresses two main issues following the user story's requirements. Firstly, it resolves a bug that prevented the successful rebuilding of the metadata validation service image. Secondly, it addresses a problem related to configuring the Content Security Policy (CSP) for Google Tag Manager.
The commit message associated with the first part of the changes reveals a modification made to the CSP directive in the docker-compose.yml file to include "https://www.googletagmanager.com" in the img-src directive. This addition permits the Google Tag Manager resources in the service, enhancing security measures by properly configuring the CSP policy.
The second commit message describes the implementation of a build process that prohibits pulling images from external repositories when deploying the stack. The Makefile modification ensures that the build command prevents external image pulling during deployment through the addition of the
--buildflag in thedocker-composecommand. This change aligns with the requirement to restrict access to the metadata validation service to localhost, strengthening overall security measures.