Add videos services to CSP (youtube-nocookie.com, meet.jit.si, etc)#11155
Add videos services to CSP (youtube-nocookie.com, meet.jit.si, etc)#11155andreslucena merged 4 commits intodevelopfrom
Conversation
|
As mentioned in the meeting: We will not add OSM to the default configuration as that's against their usage: https://operations.osmfoundation.org/policies/tiles/ As our initializer and documentation may not be that clear on this usage policy we should also update that to explain it better (on another PR). Finally, about the youtube-nocookie and others domains, as they're already allowed by the WYSIWYG video upload feature, we will add them to the default CSP configuration |
|
I've changed the fixes to #10986, as that's what I had in mind when commenting that in the review of the original feature:
|
andreslucena
left a comment
There was a problem hiding this comment.
👍🏽 Tried it out locally with the 4 services and all work.
* develop: Reorder and renumber the RELEASES_NOTES (#11379) Add videos services to CSP (youtube-nocookie.com, meet.jit.si, etc) (#11155) Alert from frontend errors in critical paths (#10937) Redesign: comments issues (#11363) Redesign: participatory process steps (#11226) Redesign: meetings map (#11383) Redesign: rename layouts (#11126)
🎩 What? Why?
This PR aims to fix more CSP issues introduced by #10700.
The embedded meeting services were not being added to the CSP exception, therefore even though a meeting was in the allowed urls, they may not have worked properly.
Also, this PR fixes #11153, adding the openstreetmap.org to the list of exceptions.
📌 Related Issues
Link your PR to an issue
Testing
Describe the best way to test or validate your PR.
📷 Screenshots