Skip to content

[Blazor] Fix multiple CSP policies #55200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Apr 18, 2024
Merged

[Blazor] Fix multiple CSP policies #55200

merged 6 commits into from
Apr 18, 2024

Conversation

javiercn
Copy link
Member

@javiercn javiercn commented Apr 18, 2024
edited
Loading

Updates the CSP policy handling by Blazor to append to an existing policy if present.

@ghost ghost added the area-blazor Includes: Blazor, Razor Components label Apr 18, 2024
@javiercn javiercn marked this pull request as ready for review April 18, 2024 13:22
@javiercn javiercn requested a review from a team as a code owner April 18, 2024 13:22
SteveSandersonMS
SteveSandersonMS reviewed Apr 18, 2024
View reviewed changes
src/Components/test/E2ETest/ServerExecutionTests/WebSocketCompressionTests.cs Outdated
}
else
{
Assert.DoesNotContain("Content-Security-Policy", response.Headers.Select(h => h.Key));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this assertion really correct? If you're requesting the ?add-csp response, that should add at least one CSP in all cases, wouldn't it?

Or is it possible this test code never actually runs? It's hard to reason about with the subclasses and ExpectedPolicy etc.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's hard to write these tests. I copy pasted it from another test but validated that it works (that section doesn't run).

I'll clean that up.

@javiercn @SteveSandersonMS
Update src/Components/Server/src/Builder/ServerRazorComponentsEndpoin…
bdc7640 
…tConventionBuilderExtensions.cs

Co-authored-by: Steve Sanderson <SteveSandersonMS@users.noreply.github.com>
javiercn and others added 2 commits April 18, 2024 16:26
@javiercn @SteveSandersonMS
Update src/Components/test/E2ETest/ServerExecutionTests/WebSocketComp…
9b2b5ad 
…ressionTests.cs

Co-authored-by: Steve Sanderson <SteveSandersonMS@users.noreply.github.com>
@javiercn
Fix build and test
9bbfb29
@javiercn javiercn merged commit 74f4fd1 into main Apr 18, 2024
26 checks passed
@javiercn javiercn deleted the javiercn/blazor-csp-fix branch April 18, 2024 16:57
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0-preview4 milestone Apr 18, 2024
@JamesNK JamesNK mentioned this pull request Apr 30, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JamesNK JamesNK JamesNK approved these changes

@SteveSandersonMS SteveSandersonMS SteveSandersonMS approved these changes

Assignees
No one assigned
Labels
area-blazor Includes: Blazor, Razor Components
Projects
None yet
Milestone
9.0-preview4
Development

Successfully merging this pull request may close these issues.
3 participants
@javiercn @JamesNK @SteveSandersonMS