Bug #17084
Webpack dev server missing from CSP on "Welcome" pages
Description
When in foreman is run in development and a welcome page is triggered (for example on /environments) when no entries exist yet.
This is done via a `before_filter` in the Application controller, when the welcome filter calls render it'll skip all before filters following.
One of the skipped filters is 'allow_webpack' which should add the webpack_dev server to the CSP rule, when this is not done the browser won't load the bundled CSS and JS and throw JS errors.
This is only a bug for development environments, therefore I'll set it to Low.
Related issues
Associated revisions
History
#1
Updated by Dominic Cleal over 5 years ago
- Related to Feature #9117: Update to secure_headers 3.x added
#2
Updated by Dominic Cleal over 5 years ago
- Category set to Web Interface
#3
Updated by The Foreman Bot over 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3975 added
#4
Updated by Dominic Cleal over 5 years ago
- Assignee set to Sebastian Gräßl
- Legacy Backlogs Release (now unused) set to 189
#5
Updated by Sebastian Gräßl over 5 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset b4098eddf24238db0b815c16011e1d65909aea63.
#6
Updated by Marek Hulán over 5 years ago
- Target version set to 1.4.2
Fixes #17084 - Add webpack on welcome and unauthorized pages
Adds webpack server to CSP headers via prepend_before_action,
to ensures it is run before welcome and authorized filters.