Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Enable CSP with nonce #776

Merged
merged 3 commits into from
Feb 13, 2025
Merged

feat: Enable CSP with nonce #776

merged 3 commits into from
Feb 13, 2025
+18 −8

Conversation

andreituicu
Copy link
Collaborator

@andreituicu andreituicu commented Feb 11, 2025
edited
Loading

Description

Tryout CSP with nonce on https://www.aem.live .
Depends on adobe/helix-html-pipeline#773 .

Motivation and Context

Mitigate possible XSS.
More context in: adobe/helix-html-pipeline#773 .

How Has This Been Tested?

Using:
https://cspnonce--helix-website--adobe.aem.page/
https://cspnonce--helix-website--adobe.hlx.page/docs/
https://cspnonce--helix-website--adobe.hlx.page/notfound

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@aem-code-sync AEM Code Sync
Copy link

aem-code-sync bot commented Feb 11, 2025
edited
Loading

Hello, I'm the AEM Code Sync Bot and I will run some actions to deploy your branch and validate page speed.
In case there are problems, just click a checkbox below to rerun the respective action.

  • Re-run PSI checks
  • Re-sync branch
Commits

@aem-code-sync AEM Code Sync
Copy link

aem-code-sync bot commented Feb 11, 2025
edited
Loading

Page Scores Audits Google
📱 / PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI
🖥️ / PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI
📱 /docs/ PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI
🖥️ /docs/ PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI
📱 /notfound PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI
🖥️ /notfound PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI

@andreituicu andreituicu merged commit 4d95f3b into main Feb 13, 2025
5 checks passed
@andreituicu andreituicu deleted the cspnonce branch February 13, 2025 19:21
andreituicu added a commit that referenced this pull request Feb 13, 2025
@andreituicu
Revert "feat: Enable CSP with nonce (#776)"
346fec4 
This reverts commit 4d95f3b.
@andreituicu andreituicu mentioned this pull request Feb 13, 2025
Merged
andreituicu added a commit that referenced this pull request Feb 13, 2025
@andreituicu
Revert "feat: Enable CSP with nonce (#776)" (#779)
c2ba3c5 
This reverts commit 4d95f3b.
@andreituicu andreituicu restored the cspnonce branch February 13, 2025 19:50
@andreituicu andreituicu deleted the cspnonce branch February 13, 2025 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tripodsan tripodsan tripodsan approved these changes

@amol-anand amol-anand Awaiting requested review from amol-anand

@fkakatie fkakatie Awaiting requested review from fkakatie

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andreituicu @tripodsan