Project

General

Profile

Bug #17084

Webpack dev server missing from CSP on "Welcome" pages

Added by Sebastian Gräßl over 3 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Low
Category:
Web Interface
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

When in foreman is run in development and a welcome page is triggered (for example on /environments) when no entries exist yet.

This is done via a `before_filter` in the Application controller, when the welcome filter calls render it'll skip all before filters following.
One of the skipped filters is 'allow_webpack' which should add the webpack_dev server to the CSP rule, when this is not done the browser won't load the bundled CSS and JS and throw JS errors.

This is only a bug for development environments, therefore I'll set it to Low.


Related issues

Related to Foreman - Feature #9117: Update to secure_headers 3.xClosed2015-01-26

Associated revisions

Revision b4098edd (diff)
Added by Sebastian Gräßl over 3 years ago

Fixes #17084 - Add webpack on welcome and unauthorized pages

Adds webpack server to CSP headers via prepend_before_action,
to ensures it is run before welcome and authorized filters.

History

#1 Updated by Dominic Cleal over 3 years ago

#2 Updated by Dominic Cleal over 3 years ago

  • Category set to Web Interface

#3 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3975 added

#4 Updated by Dominic Cleal over 3 years ago

  • Assignee set to Sebastian Gräßl
  • Legacy Backlogs Release (now unused) set to 189

#5 Updated by Sebastian Gräßl over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Marek Hulán over 3 years ago

  • Target version set to 1.4.2

Also available in: Atom PDF