[HOLD][Tracking] CSP error related issues for newDot #15244
Comments
techievivek
added
Weekly
|
Triggered auto assignment to @davidcardoza ( |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
Sorry for the ping @davidcardoza, this is just a tracking issue. |
|
Adding this to weekly until we have some movement in the whatsnext proposal. |
|
@justinpersaud Hi, any updates on the proposal to move the newDot Cloudflare worker code to the |
|
@techievivek this issue was created 2 weeks ago. Are we close to a solution? Let's make sure we're treating this as a top priority. Don't hesitate to create a thread in #expensify-open-source to align faster in real time. Thanks! |
|
No update on the whatsnext proposal but given this is not a big issue for us it should be just fine to hold this for some time. |
|
Still on HOLD for migration newDot from Cloudflare to our own servers. |
|
@techievivek spotted a similar error here - #24084 |
|
I chatted with Amy last week about the progress on the project, but it looks like Justine has shifted focus to working on the command mode for the Expensify card project, so this could be a bit delayed for now. |
|
Still on HOLD. |
|
No progress seems to be coming from the infra team on switching from the AWS to our own server. |
|
@techievivek can you refresh my memory on why these specifically depend on the migration? Is there nothing we can do today to solve these? |
|
@justinpersaud Here is a current CSP issue that we haven't yet resolved. |
This isn't true anymore. There is a way to test them locally, we just haven't fully put together the instructions on how to do it because there wasn't a use case. Also, we have a function now to generate a nonce and have a script that uses it and working today. https://github.com/Expensify/Cloudflare-Workers/blob/main/new.expensify.com/index.js#L9-L17 It's not clear to me that this needs to be held on any migration and can't be solved another way. |
This doesn't need to be held of any migration if there is an easy way to test changes made to CSP rule on DEV.
It will be great to have the instruction written on an SO, I can try fixing this once I have a way to test it locally.
Wow this is cool |
techievivek
changed the title
It's a bit more than that. Can you create a GH and assign me with all the requirements you need for your testing? Include details on how you specifically want to test and what you're expecting if possible. |
|
Sorry, couldn't prioritize this I will take a dig into it and have a GH ready for you soon, thanks. |
|
Sorry, couldn't prioritize this since I have been working on 2 EOY projects. |
|
Closing CSP related bugs for now based on this comment #15042 (comment) |
We currently send CSP (content security policy) related headers for newDot using Cloudflare workers, which are only set up for our staging and prod environments. Therefore, testing changes related to CSP on the DEV server is a bit cumbersome. However, we have good news that a whatsnext proposal is in progress, which involves moving the Cloudflare workers code for newDot to the App repo. Until this is done, we kindly request that we keep a pause on working on any issue related to CSP.
If you would like to learn more about CSP, please visit: https://content-security-policy.com/. Additionally, if you're interested in learning more about Cloudflare workers, please visit: https://developers.cloudflare.com/workers/.
For your reference, here are a couple of related issue lists:
Please feel free to add any issues to the list that are related to the CSP error.
Thank you!
Upwork Automation - Do Not Edit
The text was updated successfully, but these errors were encountered: