Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial code parts for CSP implementation for sentry and self-hosted #48699

Merged
merged 15 commits into from
May 8, 2023
Merged

Initial code parts for CSP implementation for sentry and self-hosted #48699

merged 15 commits into from
May 8, 2023

Conversation

oioki
Copy link
Member

@oioki oioki commented May 8, 2023
edited
Loading

Another attempt of #47980 and #48507 (which were reverted due to bugs).

This PR adds some preliminary code for adding a Content-Security-Policy-Report-Only header with minimal required permissions (at least I could not find any violations on sentry devserver and self-hosted).

The CSP middleware is disabled (commented in the MIDDLEWARE)
There is no report collecting enabled by default (CSP_REPORT_URI is not set), the intent is to customize it depending on the use case.

oioki added 14 commits April 26, 2023 16:13
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label May 8, 2023
@codecov
Copy link

codecov bot commented May 8, 2023
edited
Loading

Codecov Report

Merging #48699 (87a07b7) into master (3b3b9d7) will increase coverage by 0.60%.
The diff coverage is 93.93%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #48699      +/-   ##
==========================================
+ Coverage   80.33%   80.94%   +0.60%     
==========================================
  Files        4780     4780              
  Lines      201867   202196     +329     
  Branches    11503    11503              
==========================================
+ Hits       162174   163669    +1495     
+ Misses      39438    38272    -1166     
  Partials      255      255
Impacted Files Coverage Δ
src/sentry/conf/server.py 93.55% <85.71%> (-0.23%) ⬇️
src/sentry/integrations/jira/views/base.py 100.00% <100.00%> (ø)

... and 153 files with indirect coverage changes

@oioki oioki mentioned this pull request May 8, 2023
Merged
@oioki oioki marked this pull request as ready for review May 8, 2023 14:21
@oioki oioki requested a review from a team May 8, 2023 14:21
@oioki oioki requested a review from a team as a code owner May 8, 2023 14:21
@oioki oioki requested a review from markstory May 8, 2023 14:21
@oioki oioki merged commit 4ba5bb7 into master May 8, 2023
@oioki oioki deleted the feat/django-csp branch May 8, 2023 15:55
@oioki oioki mentioned this pull request May 10, 2023
Closed
@github-actions github-actions bot locked and limited conversation to collaborators Jun 2, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@markstory markstory markstory approved these changes

Assignees
No one assigned
Labels
Scope: Backend Automatically applied to PRs that change backend components
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@oioki @markstory