Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Content Security Policy] Enable CSP for all tests #3447

Open
compulim opened this issue Sep 1, 2020 · 0 comments
Open

[Content Security Policy] Enable CSP for all tests #3447

compulim opened this issue Sep 1, 2020 · 0 comments
Labels
backlog Out of scope for the current iteration but it will be evaluated in a future release. technical-debt Improve maintenance, follow best practices, test coverage, etc.

Comments

@compulim
Copy link
Contributor

compulim commented Sep 1, 2020

Feature Request

After #3393 is resolved (PR #3443 is merged), we can start enabling CSP on all of our tests, to make sure we don't violate some of the directives in the future.

The baseline policy is documented at docs/CONTENT_SECURITY_POLICY.md. We will need to relax it a bit, for example, allowing images and media from certain domain.

This feature work is to:

  • Extend the baseline policy to a minimum extent to fit our tests
  • Enable CSP on all our tests, including both Jest tests and HTML tests

[Enhancement]
@compulim compulim changed the title [Content Security Policy] Set a baseline policy for all tests [Content Security Policy] Enable CSP for all tests Sep 2, 2020
@corinagum corinagum added feature-request Azure report label technical-debt Improve maintenance, follow best practices, test coverage, etc. backlog Out of scope for the current iteration but it will be evaluated in a future release. and removed Enhancement feature-request Azure report label labels Sep 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backlog Out of scope for the current iteration but it will be evaluated in a future release. technical-debt Improve maintenance, follow best practices, test coverage, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@compulim @corinagum