Skip to content

A couple more CSP enhancements #2530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jul 8, 2025
Merged

A couple more CSP enhancements #2530

merged 6 commits into from
Jul 8, 2025

Conversation

labkey-tchad
Copy link
Member

Rationale

Add test coverage for CSP enhancements

Related Pull Requests

Changes

  • Configure object-src for Knitr tests and remove exclusion from CspLogUtil
  • Add regression test for script nonce in report webpart (AbstractKnitrReportTest)
  • Remove redundant methods from PortalHelper
  • Move some methods from WikiHelper to wiki.EditPage

@labkey-tchad labkey-tchad requested review from labkey-adam, a team and labkey-danield and removed request for a team July 2, 2025 22:03
@labkey-tchad labkey-tchad mentioned this pull request Jul 2, 2025
Merged
3 tasks
labkey-adam
labkey-adam approved these changes Jul 3, 2025
View reviewed changes
src/org/labkey/test/tests/AbstractKnitrReportTest.java
public void testEmbeddedReportNonce()
{
CspConfigHelper.debugCspWarnings();
new CspConfigHelper(this).setEnforceCsp(false);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we're still disabling the enforce CSP and checking for logged warnings?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose we don't have to now that you mention it.
I'll remove these in a separate PR after this is merged. I don't want to touch this branch since it is merging to 25.7 but TeamCity is running it against develop.

@labkey-tchad labkey-tchad changed the base branch from develop to release25.7-SNAPSHOT July 3, 2025 22:34
@labkey-tchad labkey-tchad merged commit 77aea55 into release25.7-SNAPSHOT Jul 8, 2025
9 checks passed
@labkey-tchad labkey-tchad deleted the fb_csp_issues branch July 8, 2025 17:04
This was referenced Jul 9, 2025
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@labkey-adam labkey-adam labkey-adam approved these changes

@labkey-chrisj labkey-chrisj labkey-chrisj approved these changes

@labkey-danield labkey-danield Awaiting requested review from labkey-danield labkey-danield was automatically assigned from LabKey/core-test

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@labkey-tchad @labkey-adam @labkey-chrisj