IBM / taxinomitis

Source code for Machine Learning for Kids site
https://machinelearningforkids.co.uk
Apache License 2.0

Fix CSP so that the policy can be enforced and not just report only #346

Open dalelane opened 3 years ago

dalelane commented 3 years ago


The CSP policy currently used is not correct.

https://github.com/IBM/taxinomitis/blob/3d32953f4f6b630d5aa81617ae9b9c4c5a593bb5/src/lib/restapi/config.ts#L43-L90

This was brought to light after a recent version update of the helmet module. To avoid breakages, the CSP was switched to report-only as a temporary workaround.

https://github.com/IBM/taxinomitis/blob/e665e30bb19615a6ac006b5333b35d6edb3ee840/src/lib/restapi/index.ts#L42-L44

The CSP needs to be fixed so that the enforcement can be re-enabled.

dalelane commented 3 years ago

https://github.com/IBM/taxinomitis/blob/e665e30bb19615a6ac006b5333b35d6edb3ee840/src/lib/restapi/config.ts#L52-L54

dalelane commented 3 years ago

https://github.com/IBM/taxinomitis/blob/e665e30bb19615a6ac006b5333b35d6edb3ee840/src/lib/restapi/config.ts#L59-L62

dalelane commented 3 years ago

Some of the errors that these are hiding are from angular - see https://docs.angularjs.org/api/ng/directive/ngCsp for details
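Added example, not code from the taxinomitis repository: it illustrates the two points raised in this thread, that switching helmet's `reportOnly` option only changes which header the browser receives (violations are logged instead of blocked), and that the violation reports collected while in that mode, together with the AngularJS `ng-csp` requirements from the linked docs, are what tell you which directives to fix before enforcement is re-enabled. The directive names, the report summariser and the `SAMPLE_REPORTS` values are all constructed for the example and are not taken from the site's real policy or real reports.

```typescript
// Added example; not part of the taxinomitis code base.
// Directive names are kebab-case as they appear in the header value.
type Directives = Record<string, string[]>;

// Serialise a directives object into a Content-Security-Policy header value:
// "<directive> <source> <source>; <directive> ...".
function serialisePolicy(directives: Directives): string {
  return Object.keys(directives)
    .map((name) => {
      const sources = directives[name];
      return sources.length > 0 ? `${name} ${sources.join(' ')}` : name;
    })
    .join('; ');
}

// reportOnly=true is the temporary workaround described in the issue:
// the browser still evaluates the policy and sends reports, but blocks
// nothing. Only the header name changes, the policy itself is identical.
function cspHeader(directives: Directives, reportOnly: boolean): [string, string] {
  const headerName = reportOnly
    ? 'Content-Security-Policy-Report-Only'
    : 'Content-Security-Policy';
  return [headerName, serialisePolicy(directives)];
}

// Subset of the JSON a browser POSTs to the policy's report endpoint.
interface CspReport {
  'csp-report': {
    'document-uri': string;
    'violated-directive': string;
    'blocked-uri': string;
    'source-file'?: string;
  };
}

// Constructed sample reports (hypothetical URIs, not real site data).
// "eval" and "inline" are the blocked-uri values browsers use for
// eval-style script execution and inline styles respectively.
const SAMPLE_REPORTS: CspReport[] = [
  { 'csp-report': { 'document-uri': 'https://example.test/', 'violated-directive': 'script-src', 'blocked-uri': 'eval' } },
  { 'csp-report': { 'document-uri': 'https://example.test/', 'violated-directive': 'style-src', 'blocked-uri': 'inline' } },
  { 'csp-report': { 'document-uri': 'https://example.test/about', 'violated-directive': 'style-src', 'blocked-uri': 'inline' } },
  { 'csp-report': { 'document-uri': 'https://example.test/', 'violated-directive': 'img-src', 'blocked-uri': 'https://cdn.example.test/logo.png' } },
];

// Count reports per violated directive and blocked URI. While the policy is
// report-only this is the list of things that would break once enforced.
function summariseReports(reports: CspReport[]): Record<string, Record<string, number>> {
  const summary: Record<string, Record<string, number>> = {};
  for (const report of reports) {
    const directive = report['csp-report']['violated-directive'];
    const blocked = report['csp-report']['blocked-uri'];
    if (summary[directive] === undefined) {
      summary[directive] = {};
    }
    summary[directive][blocked] = (summary[directive][blocked] || 0) + 1;
  }
  return summary;
}

// AngularJS compiles expressions with eval-style Function() calls and injects
// inline styles unless the root element carries ng-csp (values
// "no-unsafe-eval" / "no-inline-style", per the ngCsp docs linked above).
// Return which of those values a given policy makes necessary, taking the
// default-src fallback into account.
function angularCspRequirements(directives: Directives): string[] {
  const effective = (name: string): string[] =>
    directives[name] !== undefined ? directives[name] : directives['default-src'] || [];
  const needs: string[] = [];
  if (effective('script-src').indexOf("'unsafe-eval'") === -1) {
    needs.push('no-unsafe-eval');
  }
  if (effective('style-src').indexOf("'unsafe-inline'") === -1) {
    needs.push('no-inline-style');
  }
  return needs;
}

// Usage: a policy that allows only same-origin resources.
const examplePolicy: Directives = { 'default-src': ["'self'"], 'script-src': ["'self'"] };
console.log(cspHeader(examplePolicy, true));
console.log(cspHeader(examplePolicy, false));
console.log(summariseReports(SAMPLE_REPORTS));
console.log(angularCspRequirements(examplePolicy));
```

The point of the summary step is that a report-only policy is only useful if the reports are actually collected and read; once the per-directive counts reach zero (or the remaining entries are deliberate, such as AngularJS handled through `ng-csp`), the same directives object can be sent with `reportOnly` false and nothing changes except the header name.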