author | Kohei Yoshino <kohei.yoshino@gmail.com> | 2018-07-27 16:03:40 +0200 |
---|---|---|
committer | Dylan William Hardison <dylan@hardison.net> | 2018-07-27 16:03:40 +0200 |
commit | acde857e4c2b250210a7dc7fe26ce6c382616c76 (patch) | |
tree | bb2cb6695769336a48ed6a762f4403474c212e68 /Bugzilla | |
parent | 2f1edccbe351176eaf69a6042945f84a5417c0b7 (diff) | |
Bug 1419636 - Make Google Analytics use beacon/XHR instead of img tag
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/CGI.pm | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 03805ad1e..dbcb3ef68 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -39,11 +39,13 @@ sub DEFAULT_CSP {
  script_src => [ 'self', 'nonce', 'unsafe-inline', 'https://www.google-analytics.com' ],
  frame_src => [ 'none', ],
  worker_src => [ 'none', ],
- img_src => [ 'self', 'https://secure.gravatar.com', 'https://www.google-analytics.com' ],
+ img_src => [ 'self', 'https://secure.gravatar.com' ],
  style_src => [ 'self', 'unsafe-inline' ],
  object_src => [ 'none' ],
  connect_src => [
  'self',
+ # This is for extensions/GoogleAnalytics using beacon or XHR
+ 'https://www.google-analytics.com',
  # This is from extensions/OrangeFactor/web/js/orange_factor.js
  'https://treeherder.mozilla.org/api/failurecount/',
  ],
@@ -70,9 +72,11 @@ sub SHOW_BUG_MODAL_CSP {
  my ($bug_id) = @_;
  my %policy = (
  script_src => ['self', 'nonce', 'unsafe-inline', 'unsafe-eval', 'https://www.google-analytics.com' ],
- img_src => [ 'self', 'https://secure.gravatar.com', 'https://www.google-analytics.com' ],
+ img_src => [ 'self', 'https://secure.gravatar.com' ],
  connect_src => [
  'self',
+ # This is for extensions/GoogleAnalytics using beacon or XHR
+ 'https://www.google-analytics.com',
  # This is from extensions/OrangeFactor/web/js/orange_factor.js
  'https://treeherder.mozilla.org/api/failurecount/',
  ], |
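Review bot: The new `connect_src` entry allows the whole `https://www.google-analytics.com` origin, while the treeherder entry directly below it is limited to a path; the second hunk in `SHOW_BUG_MODAL_CSP` has the same entry. connect-src governs XHR, fetch and beacon requests, which can carry request bodies, and as far as these hunks show the source is granted on every page whether or not the GoogleAnalytics extension is enabled. If the extension only posts to a single collection endpoint, scope the source to it, e.g. `'https://www.google-analytics.com/collect',`, after confirming the path against extensions/GoogleAnalytics. Since both policies now carry an identical comment and source, a shared list used by both subs would keep them from drifting apart. Both `%policy` hashes start or end outside the hunks, so any narrowing done elsewhere is not visible here.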