Closed jtimpe closed 1 month ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 93.11%. Comparing base (229c32c) to head (8b1b6a2). Report is 1 commits behind head on develop.
changes needed:
1) need to make the frontend load without unsafe-inline: see this https://github.com/facebook/create-react-app/issues/6643#issuecomment-473183280
2)
UPDATE Apr 9th: To be able to have a separate CSP header for the website and for Kibana, we will need to move the CSP header assignment to the /location directive. The headers that are set in the .conf file cannot be overwritten in the /location directive and we can only add headers. There are two separate issues with this change:
per async on 5/10 with @jtimpe -- we agreed that this PR can also close #2843
Summary of Changes
Pull request closes #2238
Pull request closes #2843
Upon further investigation, the following low priority findings no longer show up in our latest Webinspect scans
I have removed the changes associated with those findings and instead only addressed the final one
Since our Kibana implementation requires being served behind a proxy, the unsafe-eval and unsafe-inline directives mentioned by the scan are required. I've included some documentation in ADR 16 to reflect this.
How to Test
List the steps to test the PR. These steps are generic, please adjust as necessary.
Deliverables
More details on how deliverables herein are assessed included here.
Deliverable 1: Accepted Features
Checklist of ACs:
lfrohlich and/or adpennington confirmed that ACs are met.
Deliverable 2: Tested Code
CodeCov Report comment in PR)
CodeCov Report comment in PR)
Deliverable 3: Properly Styled Code
Deliverable 4: Accessible
iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?
Deliverable 5: Deployed
Deliverable 6: Documented
Deliverable 7: Secure
Deliverable 8: User Research
Research product(s) clearly articulate(s):