authorDylan William Hardison <dylan@hardison.net>2017-02-06 16:55:15 +0100
committerDylan William Hardison <dylan@hardison.net>2017-02-06 16:55:31 +0100
commitbc705ae4c2fb5b4a22c1c1594ea2791545d12cc4 (patch)
tree93dc874f148c8dd3a63fe326fb28cdb0f5dc3d49 /Bugzilla
parent92ca9f67a4a2306218491ac45607a33414b96ad9 (diff)
Bug 1336387 - CSP breaks GitHubAuth on index and bug modal pages
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/CGI.pm37
1 files changed, 22 insertions, 15 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index f73fa6121..2402e997b 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -31,21 +31,28 @@ BEGIN {
*AUTOLOAD = \&CGI::AUTOLOAD;
}
-use constant DEFAULT_CSP => (
- default_src => [ 'self' ],
- script_src => [ 'self', 'unsafe-inline', 'unsafe-eval' ],
- child_src => [ 'self', ],
- img_src => [ 'self', 'https://secure.gravatar.com' ],
- style_src => [ 'self', 'unsafe-inline' ],
- object_src => [ 'none' ],
- form_action => [
- 'self',
- # used in template/en/default/search/search-google.html.tmpl
- 'https://www.google.com/search'
- ],
- frame_ancestors => [ 'none' ],
- disable => 1,
-);
+sub DEFAULT_CSP {
+ my %policy = (
+ default_src => [ 'self' ],
+ script_src => [ 'self', 'unsafe-inline', 'unsafe-eval' ],
+ child_src => [ 'self', ],
+ img_src => [ 'self', 'https://secure.gravatar.com' ],
+ style_src => [ 'self', 'unsafe-inline' ],
+ object_src => [ 'none' ],
+ form_action => [
+ 'self',
+ # used in template/en/default/search/search-google.html.tmpl
+ 'https://www.google.com/search'
+ ],
+ frame_ancestors => [ 'none' ],
+ disable => 1,
+ );
+ if (Bugzilla->params->{github_client_id} && !Bugzilla->user->id) {
+ push @{$policy{form_action}}, 'https://github.com/login/oauth/authorize', 'https://github.com/login';
+ }
+
+ return %policy;
+}
# Because show_bug code lives in many different .cgi files,
# we needed a centralized place to define the policy.