Re-add CSP, use flask-talisman by epicfaace · Pull Request #234 · ambuda-org/ambuda

epicfaace · 2022-08-25T20:17:50Z

Re-add CSP, set unsafe-inline for CSS and unsafe-eval for JS to ensure the proofer functionality still works
Use flask-talisman to set CSP. This also sets a bunch of other best-practice security defaults like HSTS, etc. -- see https://github.com/GoogleCloudPlatform/flask-talisman

akprasad · 2022-08-29T20:44:08Z

Just to check, have you already looked through the docs here?

epicfaace · 2022-08-30T13:28:54Z

Just to check, have you already looked through the docs here?

https://alpinejs.dev/advanced/csp

Yes, I tried this, though 1) alpinejs-csp is not available through the cdn and you need to bundle it locally, and 2) when I did that, and did what the docs suggested around x-data, I still faced some other issues -- which I haven't resolved yet. Happy to push that branch up though.

akprasad · 2022-08-30T16:36:09Z

Cool, overall SGTM.

Before merge, let's resolve the outstanding conflicts. I also removed the Server API so let's just use ordinary fetches instead.

akprasad · 2022-09-09T02:55:51Z

Move to line 9

oh, maybe my diff was out of date? lgtm

epicfaace added 7 commits August 20, 2022 19:25

Set up CSP, unpkg -> jsdelivr

3a5d3ba

Re-add favicon

991d3bf

Merge branch 'main' of github.com:ambuda-project/ambuda into csp

206f547

use flask-talisman, fix proofing

67d602f

Merge branch 'main' of github.com:ambuda-project/ambuda into csp

13eb6f6

update

4834934

IMAGE_URL

d3eef29

epicfaace commented Aug 25, 2022

View reviewed changes

Comment thread ambuda/templates/proofing/pages/edit.html

epicfaace added 3 commits August 25, 2022 20:59

fix force_https

6117cb1

Merge branch 'main' of github.com:ambuda-project/ambuda into csp

ecf3867

Poll

a9aba05

epicfaace requested a review from akprasad August 27, 2022 21:14

jsdelivr

df8f8b3

akprasad force-pushed the main branch from 2bf507f to 93390b3 Compare September 5, 2022 21:42

epicfaace added 4 commits September 8, 2022 22:39

Merge branch 'main' into csp

4659f66

Update main.js

5fbeb88

Delete proofing-create-poll.js

71ffc30

Update main.js

46a69a1

akprasad reviewed Sep 9, 2022

View reviewed changes

epicfaace added 2 commits September 22, 2022 15:00

Merge branch 'main' into csp

cc2cd83

Update proofer.test.js

6dd92ed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Re-add CSP, use flask-talisman#234

Re-add CSP, use flask-talisman#234
epicfaace wants to merge 17 commits intoambuda-org:mainfrom
epicfaace:csp

epicfaace commented Aug 25, 2022

Uh oh!

Uh oh!

akprasad commented Aug 29, 2022

Uh oh!

epicfaace commented Aug 30, 2022

Uh oh!

akprasad commented Aug 30, 2022 •

edited

Loading

Uh oh!

akprasad Sep 9, 2022

Uh oh!

akprasad Sep 9, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

epicfaace commented Aug 25, 2022

Uh oh!

Uh oh!

akprasad commented Aug 29, 2022

Uh oh!

epicfaace commented Aug 30, 2022

Uh oh!

akprasad commented Aug 30, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

akprasad Sep 9, 2022

Choose a reason for hiding this comment

Uh oh!

akprasad Sep 9, 2022

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

akprasad commented Aug 30, 2022 •

edited

Loading