phabricator/src/aphront at 42e5b8a04bece0abe4e018deb381347ac1bf7d37 - phabricator - Blender Projects

archive/phabricator

Files

History

epriestley 42e5b8a04b Include the primary domain in the Content-Security-Policy explicitly if there's no CDN

Summary:
Ref T4340. If you don't configure a CDN and visit a custom site (like a Phame blog site, or a CORGI sandbox internally) we serve resources from the main site. This violates the Content-Security-Policy.

When there's no CDN, include the primary domain in the CSP explicitly.

Test Plan: Loaded `local.www.phacility.com`, got resources.

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D19170

2018-03-02 07:42:29 -08:00

..

phtize all the things

2015-05-22 21:16:39 +10:00

Modularize rate/connection limits in Phabricator

2017-10-13 13:12:05 -07:00

Convert some whiny exceptions into quiet MalformedRequest exceptions

2016-08-16 15:50:21 -07:00

Pass all Throwables to Exception Handlers, not just Exceptions

2017-06-20 05:44:51 -07:00

httpparametertype

Fix spelling

2017-10-09 10:48:04 -07:00

Allow Controllers to return a wider range of "response-like" objects

2015-09-01 15:52:52 -07:00

Include the primary domain in the Content-Security-Policy explicitly if there's no CDN

2018-03-02 07:42:29 -08:00

Don't combine automatic output compression with "Content-Length"

2016-12-13 14:25:49 -08:00

Allow custom Sites to have custom 404 controllers

2016-11-30 15:25:09 -08:00

AphrontController.php

Provide an AphrontController implementation of willSendResponse()

2015-09-07 17:18:35 -07:00

AphrontRequest.php

Move Paste line range reading code into AphrontRequest

2018-03-01 11:15:06 -08:00