Colin Darie
2a948c6145
chore(dev): report to CSP_REPORT_URI instead of non existing /csp
2023-06-01 19:11:20 +02:00
François Vantomme
eb812032e1
security(csp): whitelist amazon AWS for S3 storage
2023-01-11 12:59:19 +01:00
Paul Chavard
07173401de
fix(graphql): load playground from CDN
2022-11-17 15:50:05 +01:00
François Vantomme
9bdce77faa
chore(csp): allow self-hosted Sentry
2022-11-08 09:49:45 +01:00
Paul Chavard
ea18c2b9ba
chore(build): use vitejs
2022-06-23 15:22:54 +02:00
Paul Chavard
9e0b3b642f
cleanup(sendinblue): remove sendinblue tracking
2022-05-06 11:14:44 +02:00
Paul Chavard
44c64669e9
Revert "Merge pull request #6787 from tchak/use-vite"
...
This reverts commit 5d572727b543be4482ee
2022-03-31 12:07:52 +02:00
simon lehericey
250b699664
remove duplicate csp
2022-03-29 16:27:08 +02:00
Paul Chavard
187e84a010
feat(assets): use vitejs to build javascript
2022-03-29 16:27:08 +02:00
Pierre de La Morinerie
3481d27cba
config: block browser external connections during system tests
...
During system tests, we don't want the headless browser to load
external resources:
- It is faster (we don't wait for external resources to be loaded)
- It avoids leaking our test setup to external service
Fixes #6982
2022-02-22 17:24:25 +01:00
Pierre de La Morinerie
6d5f44d489
config: translate the CSP comments from french to english
2022-02-22 17:17:55 +01:00
Pierre de La Morinerie
c2729ab7e2
config: add Matomo to the frame_src Content Security Policy
...
Solves the Matomo iframe being blocked on `/suivi`. Fix #5868
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
3276db016f
config: add Matomo to the connect_src Content Security Policy
...
Solves Matomo connections being blocked. Fix #6949
2022-02-15 15:56:53 +01:00
Pierre de La Morinerie
6fa52e8a5a
config: report CSP violations to report-uri
2022-02-15 12:49:52 +01:00
Pierre de La Morinerie
0b2775a1a6
config: add back DS_PROXY_URL to CSP
...
Otherwise a bunch of "static.demarches-simplifiees.fr" domains would
be missing.
2022-02-15 12:49:52 +01:00
François Vantomme
d5f207d98c
refactor(url): use env variables in content security policies
2022-02-15 12:49:52 +01:00
Pierre de La Morinerie
3e20ea13d8
Revert "Utilisation des variables d'environnement lors de la déclaration des Content Security Policies"
2022-02-08 22:20:08 +01:00
François Vantomme
8eaecd184a
refactor(url): use env variables in content security policies
2022-02-08 15:15:55 +01:00
Pierre de La Morinerie
5990439ab7
app: update code to Rails 6.1
2021-03-25 13:24:53 +01:00
Paul Chavard
91be115c70
Add annuaire_education champ ui
2021-01-14 17:57:48 +01:00
kara Diaby
3d56b1d8b0
fix bootstrap cdn
2020-10-22 15:00:01 +02:00
Paul Chavard
f1cbc9846e
Add carte ign
2020-07-30 16:58:20 +02:00
clemkeirua
db0d230531
add cdn.jsdeliver.net to the CSP
2020-07-27 16:54:46 +02:00
clemkeirua
7e085c657d
specific deactivation of rubocop DS/ApplicationName rule
2020-07-23 16:20:16 +02:00
kara Diaby
2fc438ab65
Fix safari and firefox compatibility mapbox gl
2020-04-30 14:14:03 +02:00
kara Diaby
9aea1fffee
Migrate the map editor to mapbox-gl with react component
2020-04-27 11:30:32 +02:00
Pierre de La Morinerie
37645d3df2
config: fix (again) the CSP when running a LiveReload server locally
...
When running the app using `bin/webpack-dev-server` (the external
(and fast) assets server), LiveReload is used. We need to explicitely
allow the LiveReload connections in the CSP policy.
Turns out we now need to specify the protocol explicitely.
2020-04-20 17:24:16 +02:00
kara Diaby
56e9834389
Revert "Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""""
...
This reverts commit 473ed00b6c
2020-04-09 11:01:20 +02:00
kara Diaby
473ed00b6c
Revert "Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"""
...
This reverts commit fe0b3c2215
2020-04-07 18:14:07 +02:00
kara Diaby
fe0b3c2215
Revert "Revert "feat/4893 - migrate the mapReader to mapbox-gl with react""
...
This reverts commit 3e21b78142
2020-04-07 18:11:11 +02:00
Pierre de La Morinerie
3e21b78142
Revert "feat/4893 - migrate the mapReader to mapbox-gl with react"
2020-04-07 15:32:14 +02:00
kara Diaby
aa56cfd7a0
migrate map to mapbox-gl with a react component
2020-04-02 15:39:47 +02:00
Pierre de La Morinerie
ea94ea05a0
config: configure CSP to allow live-reload requests
...
This avoids CSP errors when using the `bin/webpack-dev-server` external
assets compilation server.
2020-03-18 13:26:54 +01:00
Paul Chavard
14295db9ad
Revert "Revert "Merge pull request #4552 from tchak/champ-communes""
...
This reverts commit 4373cb22cb
2020-01-14 18:46:07 +01:00
clemkeirua
4373cb22cb
Revert "Merge pull request #4552 from tchak/champ-communes"
...
This reverts commit 4cec26f73a0ef25ef36c
2020-01-13 16:26:27 +01:00
Paul Chavard
22aa2d4ee0
Make all location champs autocomplete
2020-01-07 11:52:51 +01:00
clemkeirua
6351eabfdd
remove notification to report-uri in production
2019-11-07 17:32:40 +01:00
Chaïb Martinez
f2386a5800
Add crips help domaine to defaut policy src
...
[fix #4234 ]
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
clemkeirua
dfefb827d9
missing connect-src
2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf
enable static + activate csp in production
2019-07-02 09:40:38 +02:00
clemkeirua
eaf850c1e9
enable csp
2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911
fix csp rule for crisp websocket
2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973
enable crisp websockets and css
2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4
add duplicate rules as fallback
2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0
add missing elements
2019-06-17 17:05:08 +02:00
clemkeirua
765b10026e
more generic elements to the security policy
2019-06-17 09:51:27 +02:00
clemkeirua
5cbbbb8d3e
more whitelist for the common domains we use
2019-05-20 09:52:44 +02:00
clemkeirua
6fe4031b2e
use constant for localhost
2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6
changement de l'URI de report-uri
2019-05-15 15:32:00 +02:00
clemkeirua
675cc5150c
update on the security policy headers
2019-05-09 14:55:21 +02:00
