chore: LEAP-176: set up CSP in Label Studio #5137

Merged
merged 10 commits into from
Dec 7, 2023

Contributor

@jombooth jombooth commented Dec 4, 2023

Add a reasonably strict CSP policy to Label Studio Open Source, defaulting to report only mode, everywhere except the /data/ API, where the only CSP directive is "sandbox" and true CSP (not report only mode) will be used.

Adds several environment variables:

  • ENABLE_CSP (default True)
  • LS_CSP_REPORT_ONLY (default True)
  • LS_CSP_REPORT_URI (default None)

We should test this policy on our deployments + check for reports. In a future version we can change the REPORT_ONLY default to False.
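The header selection outlined in the description above, as an added example (not code from this PR or from Label Studio). The policy string, the truthy spellings accepted for the flags and the WSGI wrapper are assumptions; `/data/` is always enforced here because browsers ignore `sandbox` in a `Content-Security-Policy-Report-Only` header.

```python
import os

# Assumed placeholder: the PR's real directive list is not shown on this page.
ASSUMED_APP_POLICY = "default-src 'self'; img-src 'self' data:"


def env_flag(env, name, default):
    """Parse a boolean environment variable (accepted spellings are an assumption)."""
    raw = env.get(name)
    return default if raw is None else raw.strip().lower() in ("1", "true", "yes", "on")


def csp_header(path, env):
    """Return the (name, value) CSP header for a request path, or None if disabled."""
    if not env_flag(env, "ENABLE_CSP", True):
        return None
    if path.startswith("/data/"):
        # Enforced regardless of LS_CSP_REPORT_ONLY: `sandbox` has no effect
        # when delivered in a Report-Only header.
        return ("Content-Security-Policy", "sandbox")
    policy = ASSUMED_APP_POLICY
    report_uri = env.get("LS_CSP_REPORT_URI")
    if report_uri:
        policy += f"; report-uri {report_uri}"
    if env_flag(env, "LS_CSP_REPORT_ONLY", True):
        return ("Content-Security-Policy-Report-Only", policy)
    return ("Content-Security-Policy", policy)


class CSPMiddleware:
    """WSGI middleware that attaches the header chosen by csp_header()."""

    def __init__(self, app, env=None):
        self.app = app
        self.env = os.environ if env is None else env

    def __call__(self, environ, start_response):
        header = csp_header(environ.get("PATH_INFO", "/"), self.env)

        def patched_start(status, headers, exc_info=None):
            if header:
                headers = list(headers) + [header]
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)
```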


netlify bot commented Dec 4, 2023

Deploy Preview for label-studio-docs-new-theme ready!

Name Link
🔨 Latest commit ee9c570
🔍 Latest deploy log https://app.netlify.com/sites/label-studio-docs-new-theme/deploys/65711dae38f1840007dec9db
😎 Deploy Preview https://deploy-preview-5137--label-studio-docs-new-theme.netlify.app

netlify bot commented Dec 4, 2023

Deploy Preview for heartex-docs ready!

Name Link
🔨 Latest commit ee9c570
🔍 Latest deploy log https://app.netlify.com/sites/heartex-docs/deploys/65711dae52f9d70008eced73
😎 Deploy Preview https://deploy-preview-5137--heartex-docs.netlify.app/guide/billing

@github-actions github-actions bot added the chore label Dec 4, 2023

codecov bot commented Dec 4, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (36e11d3) 76.11% compared to head (ee9c570) 76.13%.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #5137      +/-   ##
===========================================
+ Coverage    76.11%   76.13%   +0.01%     
===========================================
  Files          154      154              
  Lines        12792    12824      +32     
===========================================
+ Hits          9737     9763      +26     
- Misses        3055     3061       +6     


@jombooth jombooth marked this pull request as ready for review December 7, 2023 01:24
@jombooth jombooth merged commit 1a20250 into develop Dec 7, 2023
51 of 59 checks passed
@jombooth jombooth deleted the fb-LEAP-176/csp-2 branch December 7, 2023 02:07