Fix issue with frames not loading in Safari
What does this MR do?
Fixes #331692 (closed)
In CSP level 3 the frame-src directive is to be prioritized over child-src but apparently Safari doesn't follow that so we're going to keep both of those values equal until browsers standardize.
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- I have included a changelog entry, or it's not needed. (Does this MR need a changelog?)
- I have added/updated documentation, or it's not needed. (Is documentation required?)
- I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
- I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
- I have self-reviewed this MR per code review guidelines.
- This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
- I have followed the style guides.
Availability and Testing
- I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
- I have tested this MR in all supported browsers, or it's not needed.
- I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Security
Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
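The description above says the fix keeps frame-src and child-src equal because Safari does not give frame-src priority. The following is an added example, not code from this merge request or from GitLab: it parses a policy, reports when the two directives could be enforced differently, and mirrors them. The function names, the sample policy, and the choice to treat frame-src as authoritative are assumptions.

```ruby
# Added example, not GitLab's code. Function names and SAMPLE are constructed.

# Parse a Content-Security-Policy header value into { directive => [sources] }.
def parse_csp(header)
  header.split(';').each_with_object({}) do |part, policy|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?

    # A repeated directive is ignored by browsers; the first occurrence wins.
    policy[name.downcase] ||= sources
  end
end

# True when a browser that reads child-src for frames and one that reads
# frame-src could enforce different allow-lists: one directive is missing
# while the other is set, or both are set with different sources.
def frame_directives_diverge?(policy)
  frame = policy['frame-src']
  child = policy['child-src']
  return true if frame.nil? ^ child.nil?
  return false if frame.nil?

  frame.sort != child.sort
end

# Return a copy of the policy with both directives carrying the same sources.
# Assumption: frame-src is authoritative when both are set (CSP level 3
# consults it first for frames); child-src is the source only as a fallback.
def align_frame_directives(policy)
  sources = policy['frame-src'] || policy['child-src']
  return policy.dup if sources.nil?

  policy.merge('frame-src' => sources.dup, 'child-src' => sources.dup)
end

def serialize_csp(policy)
  policy.map { |name, sources| [name, *sources].join(' ') }.join('; ')
end

# Constructed sample: frame-src allows a widget host that child-src omits.
SAMPLE = "default-src 'self'; child-src 'self'; " \
         "frame-src 'self' https://widgets.example.com"

if __FILE__ == $PROGRAM_NAME
  policy = parse_csp(SAMPLE)
  puts "diverges before: #{frame_directives_diverge?(policy)}"
  fixed = align_frame_directives(policy)
  puts "diverges after:  #{frame_directives_diverge?(fixed)}"
  puts serialize_csp(fixed)
end
```

Because worker-src falls back to child-src in CSP level 3, a policy without an explicit worker-src also applies the mirrored list to workers.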
Activity
changed milestone to %14.0
marked the checklist item I have included a changelog entry, or it's not needed. (Does this MR need a changelog?) as completed
marked the checklist item I have added/updated documentation, or it's not needed. (Is documentation required?) as completed
marked the checklist item I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) as completed
marked the checklist item I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) as completed
marked the checklist item I have self-reviewed this MR per code review guidelines. as completed
marked the checklist item This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) as completed
marked the checklist item I have followed the style guides. as completed
marked the checklist item I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) as completed
marked the checklist item I have tested this MR in all supported browsers, or it's not needed. as completed
marked the checklist item I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed. as completed
mentioned in issue #331692 (closed)
added backend label
Reviewer roulette
Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.
To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
Category | Reviewer | Maintainer
backend | Doug Stull (@dstull) (UTC-4) | Max Woolf (@mwoolf) (UTC+1)
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
added type::bug label
mentioned in issue #39122 (closed)
- Resolved by Dominic Couture
Hello @alinamihaila, can you review this bug fix please? It popped up now after enabling the CSP by default in %13.12 !56923 (merged)
Thanks!
requested review from @alinamihaila
- Resolved by Max Woolf
Will we be able to add Pick into 13.12?
Thanks @dcouture
requested review from @mwoolf
added severity::3 label
mentioned in issue #331810 (closed)
added Pick into 13.12 label
enabled an automatic merge when the pipeline for 1f8888f6 succeeds
mentioned in commit 7af59b1d
added workflow::staging label
added workflow::canary label and removed workflow::staging label
added workflow::production label and removed workflow::canary label
mentioned in issue #331881 (closed)
mentioned in issue #332005 (closed)
mentioned in issue #207414 (closed)
mentioned in merge request !62615 (merged)
picked the changes into the branch 13-12-stable-ee-patch-3 with commit c088ece3
mentioned in commit c088ece3
Automatically picked into !63385 (closed), will merge into 13-12-stable-ee ready for 13.12.3-ee.
removed Pick into 13.12 label
mentioned in merge request !63385 (closed)
mentioned in issue gitlab-com/gl-infra/delivery#1795
added released::candidate label
Could you also please update: https://docs.gitlab.com/13.12/omnibus/settings/configuration.html#content-security-policy?
Thanks in advance!
mentioned in merge request kubitus-project/kubitus-installer!39 (merged)
added released::published label and removed released::candidate label