From 9ea5cb6cffaf6de074f541ce9de8b24a10fc6b67 Mon Sep 17 00:00:00 2001
From: Nursoltan Saipolda
Date: Mon, 18 Jul 2022 15:52:12 +0800
Subject: [PATCH 1/4] remove unsafe-inline csp for veterans
---
 src/server/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/server/index.js b/src/server/index.js
index 0eee1228fd..2f0b20b00f 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -139,7 +139,7 @@ async function onExpressJsSetup(server) { res.header( 'Content-Security-Policy', "default-src 'self';" - + " script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'" + + " script-src 'report-sample' 'self'" + ` ${config.CDN.PUBLIC}` + ' http://www.google-analytics.com' + ' https://43d132d5dbff47c59d9d53ad448f93c2.js.ubembed.com'
From cbd1ca8539ea83d30e955115297a9eca8f648949 Mon Sep 17 00:00:00 2001
From: Luiz Ricardo Rodrigues
Date: Mon, 18 Jul 2022 19:35:57 -0300
Subject: [PATCH 2/4] ci: deploy veterans-http-headers to Test env
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 349c4c5d3c..b3f6620410 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -349,7 +349,7 @@ workflows: filters: branches: only: - free + - nursoltan-s:veterans-http-headers # This is alternate dev env for parallel testing - "build-qa": context : org-global
From c4b437e0c51fd8f7dc61fc48afe59fb2ff3db9f6 Mon Sep 17 00:00:00 2001
From: Nursoltan Saipolda
Date: Thu, 21 Jul 2022 23:19:28 +0800
Subject: [PATCH 3/4] add cache-control header to veterans
---
 src/server/index.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/server/index.js b/src/server/index.js
index cf21e9bfb6..57a60b6d97 100644
--- a/src/server/index.js
+++ b/src/server/index.js
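Review bot: The rewritten script-src still lists `http://www.google-analytics.com` as a cleartext source, so after dropping 'unsafe-inline' and 'unsafe-eval' the directive continues to allow that host's script over plain http; changing the continuation line to `+ ' https://www.google-analytics.com'` keeps the allow-list but closes the cleartext path. Removing 'unsafe-inline' and 'unsafe-eval' is also a behaviour change for any inline snippet or eval-based dependency served on the veterans and TCO pages, which this hunk cannot show; shipping the same value first under Content-Security-Policy-Report-Only, or confirming that the reports 'report-sample' enriches actually reach a monitored endpoint, would surface breakage before users hit it. The remainder of the directive and the enclosing onExpressJsSetup body lie outside the hunk.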
@@ -138,6 +138,7 @@ async function onExpressJsSetup(server) { res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()'); if (req.url.startsWith('/__community__/veterans') || req.hostname === 'veterans.topcoder.com' || req.url.startsWith('/__community__/tco') || tcoPattern.test(req.hostname)) { + res.header('Cache-Control', 'no-cache'); res.header( 'Content-Security-Policy', "default-src 'self';"
From ee1f747e136c2eee602dde3f91495542db19f276 Mon Sep 17 00:00:00 2001
From: Luiz Ricardo Rodrigues
Date: Wed, 27 Jul 2022 03:24:45 -0300
Subject: [PATCH 4/4] ci: remove develop branch Dev env
---
 .circleci/config.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 087e203941..82a9a2c2f3 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -349,9 +349,7 @@ workflows: filters: branches: only: - - develop - free - - justin-fixes # This is alternate dev env for parallel testing - "build-test": context : org-global
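Review bot: `res.header('Cache-Control', 'no-cache')` on the added line still allows browsers and intermediaries to store the response and reuse it after revalidation; if the goal is to keep these host-specific responses, which carry a stricter Content-Security-Policy than the rest of the site, out of shared caches altogether, `res.header('Cache-Control', 'no-store')` or `'private, no-cache'` says so, and a comment such as `// keep veterans/TCO responses out of shared caches: their CSP differs from other hosts` would record why the header is set only inside this branch. The header is set in the same early middleware as the CSP, so a downstream static-file or proxy layer may still overwrite it; worth confirming against a live response. The if condition appears to continue on a line the hunk does not show, and onExpressJsSetup both starts and ends outside it.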